fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

[Vulnerabilities] False negative for VirtualBox.app #20846

Open ksatter opened 1 month ago

ksatter commented 1 month ago

Fleet version: v4.54.1


💥  Actual behavior

CVE-2024-21141 affects all installations of Oracle VM VirtualBox prior to v7.0.20.

In Fleet, this vulnerability is detected for Windows versions of VirtualBox:

image

But is not detected on MacOS:

image

🧑‍💻  Steps to reproduce

  1. Enroll a host with VirtualBox version prior to v7.0.2
  2. Run vulnerability scans

Dogfood links:

  - VirtualBox - MacOS
  - VirtualBox - Windows
  - CVE-2024-21141

🕯️ More info (optional)

N/A

JoStableford commented 1 month ago

Related to a Slack conversation