fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

CVE-2024-4030 vulncheck false positive #19562

Open dherder opened 3 months ago

dherder commented 3 months ago

Fleet version: 4.50.2

Web browser and operating system: chrome Version 125.0.6422.113 (Official Build) (arm64)

💥  Actual behavior

Vulnerability CVE-2024-4030 looks to be a false positive. The CVE impacts Windows-only hosts, but the data feed from VulnCheck is incorrectly attributing the vuln to macOS devices as well.

See https://fleetdm.slack.com/archives/C01EZVBHFHU/p1717685995719249

🧑‍💻  Steps to reproduce

  1. look at vulncheck api data: GET https://api.vulncheck.com/v3/index/nist-nvd2?cve=CVE-2024-4030
  2. refer to vendor documentation regarding attribution: https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/

From the vendor (python.org) site: "If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability"

sharon-fdm commented 3 months ago

@mostlikelee do we need to reproduce this or can we just add a check that macOS is not listed?

I'm removing the reproduce label, but please add it back if you need any reproduction here.
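An added example, written for this page and not code from Fleet or from VulnCheck, of the kind of platform-applicability check the comment above asks about. It walks the `configurations` of a CVE record shaped like the NVD API 2.0 schema (the `operator`/`nodes`/`cpeMatch`/`criteria` field names are the schema's own) and reports whether a host on a given platform could satisfy any configuration; a record that carries no `cpe:2.3:o:` (operating system) criteria at all is treated as affecting every platform, so the check can only remove platforms that the feed explicitly scopes out. The two JSON records, the `windows`/`darwin`/`linux` platform names and the vendor/product mapping are constructed for illustration and are not the actual VulnCheck data for CVE-2024-4030.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Minimal subset of an NVD API 2.0 CVE record needed for platform reasoning.
type cpeMatch struct {
	Vulnerable bool   `json:"vulnerable"`
	Criteria   string `json:"criteria"`
}

type node struct {
	Operator string     `json:"operator"` // "OR" or "AND" across cpeMatch entries
	Negate   bool       `json:"negate"`
	CPEMatch []cpeMatch `json:"cpeMatch"`
}

type configuration struct {
	Operator string `json:"operator"` // "AND" ties nodes together ("running on/with")
	Nodes    []node `json:"nodes"`
}

type cveRecord struct {
	ID             string          `json:"id"`
	Configurations []configuration `json:"configurations"`
}

// Constructed record: the vulnerable application is pinned to Windows through a
// second node holding an OS criterion. Not real feed data.
const windowsOnlyRecord = `{
  "id": "CVE-EXAMPLE-0001",
  "configurations": [{"operator": "AND", "nodes": [
    {"operator": "OR", "negate": false, "cpeMatch": [
      {"vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.12.0:*:*:*:*:*:*:*"}]},
    {"operator": "OR", "negate": false, "cpeMatch": [
      {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"}]}
  ]}]
}`

// Constructed record with no OS criterion: applies to every platform.
const unconstrainedRecord = `{
  "id": "CVE-EXAMPLE-0002",
  "configurations": [{"nodes": [
    {"operator": "OR", "negate": false, "cpeMatch": [
      {"vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.12.0:*:*:*:*:*:*:*"}]}
  ]}]
}`

// ParseRecord decodes one CVE record from JSON.
func ParseRecord(data string) (cveRecord, error) {
	var rec cveRecord
	err := json.Unmarshal([]byte(data), &rec)
	return rec, err
}

// cpeOS returns vendor and product for an operating-system CPE 2.3 string
// (part "o"); ok is false for application or hardware criteria.
func cpeOS(criteria string) (vendor, product string, ok bool) {
	f := strings.Split(criteria, ":")
	if len(f) < 5 || f[0] != "cpe" || f[1] != "2.3" || f[2] != "o" {
		return "", "", false
	}
	return f[3], f[4], true
}

// osMatchesPlatform maps a CPE vendor/product to a host platform name.
// The platform names and prefixes are an assumption of this example.
func osMatchesPlatform(vendor, product, platform string) bool {
	switch platform {
	case "windows":
		return vendor == "microsoft" && strings.HasPrefix(product, "windows")
	case "darwin":
		return vendor == "apple" && strings.HasPrefix(product, "mac")
	case "linux":
		return strings.Contains(product, "linux")
	}
	return false
}

// nodeSatisfiableOn reports whether a host on platform could satisfy the node.
// Application criteria are platform-neutral and count as satisfiable; a node
// whose OS criteria all name other platforms cannot be satisfied. Negated nodes
// are treated as satisfiable so the check never excludes more than it can prove.
func nodeSatisfiableOn(n node, platform string) bool {
	if n.Negate {
		return true
	}
	anyOK, allOK, sawOS := false, true, false
	for _, m := range n.CPEMatch {
		vendor, product, isOS := cpeOS(m.Criteria)
		ok := !isOS || osMatchesPlatform(vendor, product, platform)
		sawOS = sawOS || isOS
		anyOK, allOK = anyOK || ok, allOK && ok
	}
	if !sawOS {
		return true
	}
	if n.Operator == "AND" {
		return allOK
	}
	return anyOK
}

// AffectsPlatform reports whether any configuration can be satisfied on platform.
func AffectsPlatform(rec cveRecord, platform string) bool {
	if len(rec.Configurations) == 0 {
		return true // nothing to reason about: cannot exclude the platform
	}
	for _, c := range rec.Configurations {
		satisfied := c.Operator == "AND"
		for _, n := range c.Nodes {
			ok := nodeSatisfiableOn(n, platform)
			if c.Operator == "AND" {
				satisfied = satisfied && ok
			} else {
				satisfied = satisfied || ok
			}
		}
		if satisfied || len(c.Nodes) == 0 {
			return true
		}
	}
	return false
}

func main() {
	rec, _ := ParseRecord(windowsOnlyRecord)
	for _, p := range []string{"windows", "darwin", "linux"} {
		fmt.Printf("%s affects %s: %v\n", rec.ID, p, AffectsPlatform(rec, p))
	}
}
```

Running the block prints `true` for `windows` and `false` for `darwin` and `linux` on the constructed Windows-pinned record, which is the outcome the reporter expects for this CVE on macOS hosts; the unconstrained record still reports `true` everywhere, so a feed entry that simply omits OS scoping is left alone rather than silently dropped.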