Plugin IDs are one-to-many to CVEs

rye / nessana

A Nessus dump parser and differ

GNU Affero General Public License v3.0

0 stars 0 forks source link

Plugin IDs are one-to-many to CVEs #87

Open rye opened 5 years ago

rye commented 5 years ago

Yeah. It's true.

For instance there's one that happens to have the same name, id, but completely different CVE, CVSS, etc.

We should handle this better. Uniquing by id isn't good enough, that's for sure.

rye commented 5 years ago

Actually, looking more at these instances, they have the same See Also, Description, Synopsis, Name, and Plugin, etc. The only thing that differs is the CVE field.

But now that I think about it, each plugin might have different plugin output for each detection, too.