fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

CVE-2024-52308 - Fleet not detecting GitHub / gh CLI CVE #24009

Open nonpunctual opened 16 hours ago

nonpunctual commented 16 hours ago

Fleet version: Fleet 4.58.0 • Go go1.23.1

Web browser and operating system: N/A

💥  Actual behavior

CVE-2024-52308 - https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87

This CVE affects the GitHub CLI; the binary name is gh.

Fleet does not seem to be able to detect it, probably because the CPE cpe:2.3:a:github:cli:*:*:*:*:*:*:*:* calls the app cli and not gh?

GitHub calls it gh in their documentation.

🧑‍💻  Steps to reproduce

Look for CVE-2024-52308 in Fleet vulnerability data.

N/A

nonpunctual commented 16 hours ago

Do we have queries we use for testing that parse CPEs that we can share? Thanks.
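The two comments above turn on the same point: the name a host reports for the software (the binary `gh`) is not the product component of the NVD CPE (`cli`), so a matcher that compares the reported name with the CPE product will never associate the host's copy of the GitHub CLI with a CVE filed against `cpe:2.3:a:github:cli:*:*:*:*:*:*:*:*`. The example below is added here as an illustration and is not Fleet's matching code or its translation data: it parses a CPE 2.3 formatted string into its eleven components (honouring backslash-escaped colons), then matches constructed inventory rows against the parsed CPE first by the reported name and then through a hypothetical alias table that maps `gh` to the `github`/`cli` pair. The `Software` type, `productAliases` table and `MatchSoftware` function are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// CPE holds the eleven components of a CPE 2.3 formatted-string binding:
// cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other
type CPE struct {
	Part, Vendor, Product, Version, Update, Edition,
	Language, SwEdition, TargetSw, TargetHw, Other string
}

// ParseCPE23 splits a CPE 2.3 string into its components. A backslash escapes
// the next character, so an escaped colon does not end a field; the escape
// sequence is kept verbatim in the field value.
func ParseCPE23(s string) (CPE, error) {
	const prefix = "cpe:2.3:"
	if !strings.HasPrefix(s, prefix) {
		return CPE{}, fmt.Errorf("not a CPE 2.3 string: %q", s)
	}
	var fields []string
	var cur strings.Builder
	escaped := false
	for _, r := range s[len(prefix):] {
		switch {
		case escaped:
			cur.WriteRune(r)
			escaped = false
		case r == '\\':
			cur.WriteRune(r)
			escaped = true
		case r == ':':
			fields = append(fields, cur.String())
			cur.Reset()
		default:
			cur.WriteRune(r)
		}
	}
	fields = append(fields, cur.String())
	if len(fields) != 11 {
		return CPE{}, fmt.Errorf("expected 11 components after %q, got %d in %q", prefix, len(fields), s)
	}
	return CPE{
		Part: fields[0], Vendor: fields[1], Product: fields[2], Version: fields[3],
		Update: fields[4], Edition: fields[5], Language: fields[6], SwEdition: fields[7],
		TargetSw: fields[8], TargetHw: fields[9], Other: fields[10],
	}, nil
}

// Software is one inventory row as an agent might report it (constructed for this example).
type Software struct {
	Name   string // the name the host reports, e.g. the binary name "gh"
	Vendor string // empty when the inventory source carries no vendor
}

// productAliases maps a reported name to the vendor/product pair NVD uses in its
// CPE. This table is hypothetical and only illustrates the gap between a reported
// name and a CPE product; it is not Fleet's translation data.
var productAliases = map[string][2]string{
	"gh": {"github", "cli"},
}

// fieldMatches applies the CPE 2.3 matching rules needed here: "*" (ANY) and an
// empty pattern match anything, "-" (NA) matches only an empty value, and any
// other pattern must equal the value case-insensitively.
func fieldMatches(pattern, value string) bool {
	switch pattern {
	case "*", "":
		return true
	case "-":
		return value == ""
	default:
		return strings.EqualFold(pattern, value)
	}
}

// MatchSoftware reports whether an inventory row matches the CPE's vendor and
// product. It tries the reported name directly, then the alias table, and says
// which path produced the match so a caller can see why "gh" alone never hits.
func MatchSoftware(sw Software, c CPE) (matched bool, how string) {
	if fieldMatches(c.Product, sw.Name) && fieldMatches(c.Vendor, sw.Vendor) {
		return true, "direct"
	}
	if alias, ok := productAliases[strings.ToLower(sw.Name)]; ok {
		if fieldMatches(c.Vendor, alias[0]) && fieldMatches(c.Product, alias[1]) {
			return true, "alias"
		}
	}
	return false, ""
}

func main() {
	cpe, err := ParseCPE23("cpe:2.3:a:github:cli:*:*:*:*:*:*:*:*")
	if err != nil {
		panic(err)
	}
	// Constructed inventory rows: the real binary name, the CPE's own product name, and an unrelated tool.
	for _, sw := range []Software{{Name: "gh"}, {Name: "cli", Vendor: "github"}, {Name: "git"}} {
		ok, how := MatchSoftware(sw, cpe)
		fmt.Printf("%-4s vendor=%q -> matched=%v via=%q\n", sw.Name, sw.Vendor, ok, how)
	}
}
```

Running it shows `gh` matching only through the alias path while `git` does not match at all; whether Fleet's own pipeline has an equivalent mapping for `gh` is exactly what the issue asks, and this example does not answer that.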