search

cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal
485 stars 38 forks source link

Incorrect CPE for makeplane:plane #125

Closed j-baines closed 1 month ago

j-baines commented 1 month ago

Found here: https://github.com/cisagov/vulnrichment/blob/b0f4453c3e1c7535ebcd70dae13e6601b1d1a8db/2024/47xxx/CVE-2024-47830.json#L120

        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:makeplane:plane:*:*:*:*:*:*:*:*"
            ],
            "vendor": "makeplane",
            "product": "plane",
            "versions": [
              {
                "status": "affected",
                "version": "0",
                "lessThan": "0.23.0",
                "versionType": "custom"
              }
            ],
            "defaultStatus": "unknown"
          }
        ]

The official CPE for makeplane:plane is plane:plane. See this old CVE and the NVD dictionary:

  1. https://nvd.nist.gov/vuln/detail/CVE-2023-2268
  2. https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aplane%3Aplane
jwoytek-cisa commented 1 month ago

@j-baines thank you for the report! Our analysts reviewed and updated this entry to be consistent.