socfortress / CoPilot

SOCFortress CoPilot
https://www.socfortress.co
GNU Affero General Public License v3.0

Can't sync agents from Wazuh #274

Closed sakkarose closed 2 months ago

sakkarose commented 2 months ago

**Describe the issue**

The agent on CoPilot is outdated with old deleted agents, so I will need to sync for the newest agents since they don't automatically update.

**To Reproduce**

Steps to reproduce the behavior:

  1. Go to Agents > Sync.

**Expected behavior**

The current agent list from Wazuh will be populated on CoPilot.


**Container Logs**

2024-07-20 01:44:15.404 | INFO     | app.connectors.wazuh_manager.utils.universal:create_wazuh_manager_client:92 - Verifying the wazuh-manager connection to https://10.255.2.246:55000
/opt/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1056: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.255.2.246'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
2024-07-20 01:44:15.940 | DEBUG    | app.connectors.wazuh_manager.utils.universal:create_wazuh_manager_client:106 - Wazuh Authentication Token successful
2024-07-20 01:44:15.941 | INFO     | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Wazuh-Manager from database
2024-07-20 01:44:16.021 | INFO     | app.agents.routes.agents:get_wazuh_manager_version:60 - Fetched Wazuh Manager version: {'data': {'data': {'title': 'Wazuh API REST', 'api_version': '4.8.0', 'revision': 40812, 'license_name': 'GPL 2.0', 'license_url': 'https://github.com/wazuh/wazuh/blob/v4.8.0/LICENSE', 'hostname': 'wazuhserver', 'timestamp': '2024-07-20T01:44:15Z'}, 'error': 0}, 'success': True, 'message': 'Successfully retrieved data'}
2024-07-20 01:44:16.021 | INFO     | app.agents.routes.agents:get_agent_vulnerabilities:458 - Wazuh Manager version is 4.8.0 or higher. Fetching vulnerabilities using new API
2024-07-20 01:44:16.022 | INFO     | app.agents.wazuh.services.vulnerabilities:collect_agent_vulnerabilities_new:85 - Collecting agent 005 vulnerabilities from Wazuh Indexer Index
2024-07-20 01:44:16.022 | INFO     | app.db.db_session:get_db_session:181 - DB session created
2024-07-20 01:44:16.022 | INFO     | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Wazuh-Indexer from database
2024-07-20 01:44:16.027 | INFO     | app.db.db_session:get_db_session:189 - Closing DB session
2024-07-20 01:44:16.029 | INFO     | app.connectors.wazuh_indexer.utils.universal:collect_indices:219 - Collecting indices from Elasticsearch
2024-07-20 01:44:16.030 | INFO     | app.db.db_session:get_db_session:181 - DB session created
2024-07-20 01:44:16.030 | INFO     | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Wazuh-Indexer from database
2024-07-20 01:44:16.034 | INFO     | app.db.db_session:get_db_session:189 - Closing DB session
2024-07-20 01:44:16.051 | INFO     | app.agents.wazuh.services.vulnerabilities:collect_agent_vulnerabilities_new:88 - Indices collect: indices_list=['opnsense_0', 'gl-events_0', '.kibana_1', 'wazuh-monitoring-2024.29w', '.opendistro_security', 'wazuh-monitoring-2024.28w', '.tasks', '.opensearch-observability', '.plugins-ml-config', 'graylog_0', 'gl-system-events_0', 'wazuh-statistics-2024.28w', 'wazuh-statistics-2024.29w', 'wazuh-states-vulnerabilities-wazuhserver'] success=True message='Indices collected successfully'
2024-07-20 01:44:16.098 | INFO     | app.agents.wazuh.services.vulnerabilities:process_agent_vulnerabilities_new:130 - Processing agent vulnerabilities: [...]
'22.04.4'}}, 'package': {'name': 'configobj', 'path': '/usr/lib/python3/dist-packages/configobj-5.0.6.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '5.0.6'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\).\r\r**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'detected_at': '2024-07-19T15:08:47.727Z', 'enumeration': 'CVE', 'id': 'CVE-2023-26112', 'published_at': '2023-04-03T05:15:07Z', 'reference': 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494, https://github.com/DiffSK/configobj/issues/232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.9, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'name': 'cryptography', 'path': '/usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '3.4.8'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. 
Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.', 'detected_at': '2024-07-19T15:08:47.740Z', 'enumeration': 'CVE', 'id': 'CVE-2023-49083', 'published_at': '2023-11-29T19:15:07Z', 'reference': 'https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97, https://github.com/pyca/cryptography/pull/9926, https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.9, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'name': 'cryptography', 'path': '/usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '3.4.8'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack  Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly.  A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. 
The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue.  OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass().  We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant.  The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.', 'detected_at': '2024-07-19T15:08:47.741Z', 'enumeration': 'CVE', 'id': 'CVE-2024-0727', 'published_at': '2024-01-26T09:15:07Z', 'reference': 'https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2, https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a, https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c, https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8, https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539, https://www.openssl.org/news/secadv/20240125.txt, http://www.openwall.com/lists/oss-security/2024/03/11/1, https://security.netapp.com/advisory/ntap-20240208-0006/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'name': 'cryptography', 'path': 
'/usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '3.4.8'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.', 'detected_at': '2024-07-19T15:08:47.741Z', 'enumeration': 'CVE', 'id': 'CVE-2023-23931', 'published_at': '2023-02-07T21:15:09Z', 'reference': 'https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r, https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 4.8, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'architecture': 'all', 'description': 'Firmware for Linux kernel drivers', 'name': 'linux-firmware', 'size': 1038625, 'type': 'deb', 'version': '20220329.git681281e4-0ubuntu3.31'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.', 'detected_at': 
'2024-07-19T15:08:47.756Z', 'enumeration': 'CVE', 'id': 'CVE-2020-12313', 'published_at': '2020-11-13T20:15:15Z', 'reference': 'https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.8, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'architecture': 'all', 'description': 'Firmware for Linux kernel drivers', 'name': 'linux-firmware', 'size': 1038625, 'type': 'deb', 'version': '20220329.git681281e4-0ubuntu3.31'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.', 'detected_at': '2024-07-19T15:08:47.756Z', 'enumeration': 'CVE', 'id': 'CVE-2023-4969', 'published_at': '2024-01-16T17:15:08Z', 'reference': 'https://blog.trailofbits.com, https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions, https://kb.cert.org/vuls/id/446598, https://www.kb.cert.org/vuls/id/446598, https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 6.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 
'package': {'architecture': 'amd64', 'description': 'Minimal subset of the Python language (version 3.10)', 'name': 'python3.10-minimal', 'size': 5898, 'type': 'deb', 'version': '3.10.12-1~22.04.4'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won\'t initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. 
(The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)', 'detected_at': '2024-07-19T15:08:47.793Z', 'enumeration': 'CVE', 'id': 'CVE-2023-40217', 'published_at': '2023-08-25T01:15:09Z', 'reference': 'https://www.python.org/dev/security/, https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html, https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html, https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/, https://security.netapp.com/advisory/ntap-20231006-0014/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'architecture': 'amd64', 'description': 'Shared Python runtime library (version 3.10)', 'name': 'libpython3.10', 'size': 5768, 'type': 'deb', 'version': '3.10.12-1~22.04.4'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won\'t initiate a handshake, but buffered data will still be readable from the socket buffer. 
This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)', 'detected_at': '2024-07-19T15:08:47.809Z', 'enumeration': 'CVE', 'id': 'CVE-2023-40217', 'published_at': '2023-08-25T01:15:09Z', 'reference': 'https://www.python.org/dev/security/, https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html, https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html, https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/, https://security.netapp.com/advisory/ntap-20231006-0014/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'architecture': 'amd64', 'description': 'fast, scalable, distributed revision control system', 'name': 'git', 'size': 18484, 'type': 'deb', 'version': '1:2.34.1-1ubuntu1.11'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. 
This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).', 'detected_at': '2024-07-19T15:08:47.825Z', 'enumeration': 'CVE', 'id': 'CVE-2018-1000021', 'published_at': '2018-02-09T23:29:00Z', 'reference': 'http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 6.8, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'architecture': 'amd64', 'description': 'Apply a diff file to an original', 'name': 'patch', 'size': 229, 'type': 'deb', 'version': '2.7.6-7build2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.', 'detected_at': '2024-07-19T15:08:47.873Z', 'enumeration': 'CVE', 'id': 'CVE-2021-45261', 'published_at': '2021-12-22T18:15:08Z', 'reference': 'https://savannah.gnu.org/bugs/?61685', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 4.3, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'architecture': 'amd64', 'description': 'Apply a diff file to an original', 'name': 'patch', 'size': 229, 'type': 'deb', 'version': '2.7.6-7build2'}, 'vulnerability': 
{'category': 'Packages', 'classification': 'CVSS', 'description': 'A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.', 'detected_at': '2024-07-19T15:08:47.873Z', 'enumeration': 'CVE', 'id': 'CVE-2018-6952', 'published_at': '2018-02-13T19:29:00Z', 'reference': 'http://www.securityfocus.com/bid/103047, https://savannah.gnu.org/bugs/index.php?53133, https://access.redhat.com/errata/RHSA-2019:2033, https://security.gentoo.org/glsa/201904-17', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.0, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'name': 'idna', 'path': '/usr/lib/python3/dist-packages/idna-3.3.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '3.3'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. 
This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.", 'detected_at': '2024-07-19T15:08:47.874Z', 'enumeration': 'CVE', 'id': 'CVE-2024-3651', 'published_at': '2024-07-07T18:15:09Z', 'reference': 'https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb, https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 6.2, 'version': '3.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'architecture': 'amd64', 'description': 'Firmware update daemon', 'name': 'fwupd', 'size': 6736, 'type': 'deb', 'version': '1.7.9-1~22.04.3'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.', 'detected_at': '2024-07-19T15:08:47.922Z', 'enumeration': 'CVE', 'id': 'CVE-2022-3287', 'published_at': '2022-09-28T20:15:18Z', 'reference': 'https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 6.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy 
Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'description': 'Daemon and tooling that enable snap packages', 'name': 'snapd', 'path': '/snap/snapd', 'size': 40714240, 'type': 'snap', 'version': '2.63'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.', 'detected_at': '2024-07-19T15:08:47.961Z', 'enumeration': 'CVE', 'id': 'CVE-2022-28948', 'published_at': '2022-05-19T20:15:10Z', 'reference': 'https://github.com/go-yaml/yaml/issues/666, https://security.netapp.com/advisory/ntap-20220923-0006/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.0, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'architecture': 'amd64', 'description': 'Header files and a static library for Python (v3.10)', 'name': 'python3.10-dev', 'size': 511, 'type': 'deb', 'version': '3.10.12-1~22.04.4'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won\'t initiate a handshake, but buffered data will still be readable from the socket buffer. 
This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)', 'detected_at': '2024-07-19T15:08:47.968Z', 'enumeration': 'CVE', 'id': 'CVE-2023-40217', 'published_at': '2023-08-25T01:15:09Z', 'reference': 'https://www.python.org/dev/security/, https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html, https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html, https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/, https://security.netapp.com/advisory/ntap-20231006-0014/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'name': 'PyJWT', 'path': '/usr/lib/python3/dist-packages/PyJWT-2.3.0.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '2.3.0'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. 
The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.', 'detected_at': '2024-07-19T15:08:48.005Z', 'enumeration': 'CVE', 'id': 'CVE-2022-29217', 'published_at': '2022-05-24T15:15:07Z', 'reference': 'https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24, https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc, https://github.com/jpadilla/pyjwt/releases/tag/2.4.0, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.0, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuhserver'}, 'schema': {'version': '1.0.0'}}}, {'agent': {'id': '005', 'name': 'compliance-docker', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04.4 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-113-generic', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04.4'}}, 'package': {'architecture': 'amd64', 'description': 'Daemon and tooling that enable snap packages', 'name': 'snapd', 'size': 101484, 'type': 'deb', 'version': '2.63+22.04'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.', 'detected_at': '2024-07-19T15:08:48.061Z', 'enumeration': 'CVE', 'id': 'CVE-2022-28948', 'published_at': '2022-05-19T20:15:10Z', 'reference': 'https://github.com/go-yaml/yaml/issues/666, https://security.netapp.com/advisory/ntap-20220923-0006/', 'scanner': {'vendor': 'Wazuh'}, 
2024-07-20 01:44:20.198 | INFO     | app.db.db_session:get_db_session:181 - DB session created
2024-07-20 01:44:20.198 | INFO     | app.agents.routes.agents:get_agents:158 - Fetching all agents
2024-07-20 01:44:20.211 | INFO     | app.db.db_session:get_db_session:189 - Closing DB session
2024-07-20 01:45:40.890 | INFO     | app.agents.routes.agents:sync_all_agents:287 - Syncing agents as part of scheduled job
2024-07-20 01:45:40.891 | INFO     | app.agents.wazuh.services.agents:collect_wazuh_agents:22 - Collecting all agents from Wazuh Manager
2024-07-20 01:45:40.891 | INFO     | app.connectors.wazuh_manager.utils.universal:send_get_request:141 - Sending GET request to /agents
2024-07-20 01:45:40.891 | INFO     | app.connectors.wazuh_manager.utils.universal:create_wazuh_manager_client:85 - Getting Wazuh Manager authentication token
2024-07-20 01:45:40.891 | INFO     | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Wazuh-Manager from database
2024-07-20 01:45:40.897 | INFO     | app.connectors.wazuh_manager.utils.universal:create_wazuh_manager_client:92 - Verifying the wazuh-manager connection to https://10.255.2.246:55000
/opt/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1056: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.255.2.246'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
2024-07-20 01:45:41.456 | DEBUG    | app.connectors.wazuh_manager.utils.universal:create_wazuh_manager_client:106 - Wazuh Authentication Token successful
2024-07-20 01:45:41.457 | INFO     | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Wazuh-Manager from database
/opt/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1056: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.255.2.246'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
/opt/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1056: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.255.2.246'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
2024-07-20 01:45:41.552 | INFO     | app.agents.services.sync:sync_agents_wazuh:249 - Collected Wazuh Agents: agents=[WazuhAgent(agent_id='000', agent_name='wazuhserver', agent_ip='127.0.0.1', agent_os='Amazon Linux', agent_label='Unknown', agent_last_seen='9999-12-31T23:59:59+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='005', agent_name='compliance-docker', agent_ip='10.255.2.47', agent_os='Ubuntu', agent_label='docker', agent_last_seen='2024-07-20T01:45:37+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='006', agent_name='rdp-luanntd', agent_ip='10.255.2.56', agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:45:37+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='007', agent_name='rdp-toaitc', agent_ip='10.255.2.83', agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:45:39+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='008', agent_name='rdp-tramlvn', agent_ip='10.255.2.52', agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:45:40+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='009', agent_name='rdp-hoangdt', agent_ip='10.255.2.54', agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:45:32+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='010', agent_name='rdp-trungpm', agent_ip='10.255.2.55', agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:45:36+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='011', agent_name='rdp-tuch', agent_ip='10.255.2.53', 
agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:45:35+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active')] success=True message='Agents collected successfully'
2024-07-20 01:45:41.552 | INFO     | app.db.db_session:get_db_session:181 - DB session created
2024-07-20 01:45:41.556 | INFO     | app.agents.services.sync:update_wazuh_agent_in_db:151 - Agent wazuhserver updated in the database
2024-07-20 01:45:41.561 | INFO     | app.agents.services.sync:update_wazuh_agent_in_db:151 - Agent compliance-docker updated in the database
2024-07-20 01:45:41.565 | INFO     | app.agents.services.sync:add_wazuh_agent_in_db:121 - Adding agent rdp-luanntd to the database
2024-07-20 01:45:41.567 | ERROR    | app.agents.services.sync:add_wazuh_agent_in_db:125 - Failed to add agent rdp-luanntd to the database: (pymysql.err.IntegrityError) (1452, 'Cannot add or update a child row: a foreign key constraint fails (`copilot`.`agents`, CONSTRAINT `agents_ibfk_1` FOREIGN KEY (`customer_code`) REFERENCES `customers` (`customer_code`))')
[SQL: INSERT INTO agents (agent_id, ip_address, os, hostname, label, critical_asset, wazuh_last_seen, velociraptor_id, velociraptor_last_seen, wazuh_agent_version, wazuh_agent_status, velociraptor_agent_version, customer_code, quarantined, velociraptor_org) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)]
[parameters: ('006', '10.255.2.56', 'Microsoft Windows Server 2022 Standard', 'rdp-luanntd', 'bastion_rdp', 0, datetime.datetime(2024, 7, 20, 1, 45, 37), None, None, 'Wazuh v4.8.0', 'active', None, 'rdp', 0, None)]
(Background on this error at: https://sqlalche.me/e/14/gkpj)
2024-07-20 01:45:41.568 | ERROR    | app.db.db_session:get_db_session:185 - Error during DB session: 
2024-07-20 01:45:41.568 | INFO     | app.db.db_session:get_db_session:189 - Closing DB session
2024-07-20 01:49:26.832 | INFO     | app.agents.routes.agents:sync_all_agents:287 - Syncing agents as part of scheduled job
2024-07-20 01:49:26.832 | INFO     | app.agents.wazuh.services.agents:collect_wazuh_agents:22 - Collecting all agents from Wazuh Manager
2024-07-20 01:49:26.833 | INFO     | app.connectors.wazuh_manager.utils.universal:send_get_request:141 - Sending GET request to /agents
2024-07-20 01:49:26.833 | INFO     | app.connectors.wazuh_manager.utils.universal:create_wazuh_manager_client:85 - Getting Wazuh Manager authentication token
2024-07-20 01:49:26.833 | INFO     | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Wazuh-Manager from database
2024-07-20 01:49:26.841 | INFO     | app.connectors.wazuh_manager.utils.universal:create_wazuh_manager_client:92 - Verifying the wazuh-manager connection to https://10.255.2.246:55000
/opt/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1056: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.255.2.246'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
2024-07-20 01:49:27.456 | DEBUG    | app.connectors.wazuh_manager.utils.universal:create_wazuh_manager_client:106 - Wazuh Authentication Token successful
2024-07-20 01:49:27.457 | INFO     | app.connectors.utils:get_connector_info_from_db:29 - Fetching connector Wazuh-Manager from database
/opt/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1056: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.255.2.246'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
/opt/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1056: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.255.2.246'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
2024-07-20 01:49:27.552 | INFO     | app.agents.services.sync:sync_agents_wazuh:249 - Collected Wazuh Agents: agents=[WazuhAgent(agent_id='000', agent_name='wazuhserver', agent_ip='127.0.0.1', agent_os='Amazon Linux', agent_label='Unknown', agent_last_seen='9999-12-31T23:59:59+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='005', agent_name='compliance-docker', agent_ip='10.255.2.47', agent_os='Ubuntu', agent_label='docker', agent_last_seen='2024-07-20T01:49:17+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='006', agent_name='rdp-luanntd', agent_ip='10.255.2.56', agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:49:18+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='007', agent_name='rdp-toaitc', agent_ip='10.255.2.83', agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:49:20+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='008', agent_name='rdp-tramlvn', agent_ip='10.255.2.52', agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:49:20+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='009', agent_name='rdp-hoangdt', agent_ip='10.255.2.54', agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:49:22+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='010', agent_name='rdp-trungpm', agent_ip='10.255.2.55', agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:49:26+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active'), WazuhAgent(agent_id='011', agent_name='rdp-tuch', agent_ip='10.255.2.53', 
agent_os='Microsoft Windows Server 2022 Standard', agent_label='bastion_rdp', agent_last_seen='2024-07-20T01:49:25+00:00', wazuh_agent_version='Wazuh v4.8.0', wazuh_agent_status='active')] success=True message='Agents collected successfully'
2024-07-20 01:49:27.553 | INFO     | app.db.db_session:get_db_session:181 - DB session created
2024-07-20 01:49:27.557 | INFO     | app.agents.services.sync:update_wazuh_agent_in_db:151 - Agent wazuhserver updated in the database
2024-07-20 01:49:27.562 | INFO     | app.agents.services.sync:update_wazuh_agent_in_db:151 - Agent compliance-docker updated in the database
2024-07-20 01:49:27.564 | INFO     | app.agents.services.sync:add_wazuh_agent_in_db:121 - Adding agent rdp-luanntd to the database
2024-07-20 01:49:27.567 | ERROR    | app.agents.services.sync:add_wazuh_agent_in_db:125 - Failed to add agent rdp-luanntd to the database: (pymysql.err.IntegrityError) (1452, 'Cannot add or update a child row: a foreign key constraint fails (`copilot`.`agents`, CONSTRAINT `agents_ibfk_1` FOREIGN KEY (`customer_code`) REFERENCES `customers` (`customer_code`))')
[SQL: INSERT INTO agents (agent_id, ip_address, os, hostname, label, critical_asset, wazuh_last_seen, velociraptor_id, velociraptor_last_seen, wazuh_agent_version, wazuh_agent_status, velociraptor_agent_version, customer_code, quarantined, velociraptor_org) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)]
[parameters: ('006', '10.255.2.56', 'Microsoft Windows Server 2022 Standard', 'rdp-luanntd', 'bastion_rdp', 0, datetime.datetime(2024, 7, 20, 1, 49, 18), None, None, 'Wazuh v4.8.0', 'active', None, 'rdp', 0, None)]
(Background on this error at: https://sqlalche.me/e/14/gkpj)
2024-07-20 01:49:27.568 | ERROR    | app.db.db_session:get_db_session:185 - Error during DB session: 
2024-07-20 01:49:27.568 | INFO     | app.db.db_session:get_db_session:189 - Closing DB session

taylorwalton commented 2 months ago

Hey @sakkarose - have you deployed the customer?

sakkarose commented 2 months ago

If it's for internal use only, do I have to in order to make CoPilot work normally? @taylorwalton

taylorwalton commented 2 months ago

Yes, you still need to deploy the customer even if there is only 1 customer (yourself)
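
A triage helper for the failure in the container logs above, as an added example that is not part of the original issue or of CoPilot's code: it pairs each foreign-key `IntegrityError` with the `[SQL: ...]` and `[parameters: ...]` lines that follow it and reports which parent value (here `customer_code`) must exist before the agent row can be inserted. The function names are hypothetical; the sample log lines are copied from the issue.

```python
import ast
import re

# Log lines copied from the issue above (both failed sync runs), limited to the
# error line and the SQL/parameter lines SQLAlchemy prints after it.
SAMPLE_LOG = """\
2024-07-20 01:45:41.567 | ERROR    | app.agents.services.sync:add_wazuh_agent_in_db:125 - Failed to add agent rdp-luanntd to the database: (pymysql.err.IntegrityError) (1452, 'Cannot add or update a child row: a foreign key constraint fails (`copilot`.`agents`, CONSTRAINT `agents_ibfk_1` FOREIGN KEY (`customer_code`) REFERENCES `customers` (`customer_code`))')
[SQL: INSERT INTO agents (agent_id, ip_address, os, hostname, label, critical_asset, wazuh_last_seen, velociraptor_id, velociraptor_last_seen, wazuh_agent_version, wazuh_agent_status, velociraptor_agent_version, customer_code, quarantined, velociraptor_org) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)]
[parameters: ('006', '10.255.2.56', 'Microsoft Windows Server 2022 Standard', 'rdp-luanntd', 'bastion_rdp', 0, datetime.datetime(2024, 7, 20, 1, 45, 37), None, None, 'Wazuh v4.8.0', 'active', None, 'rdp', 0, None)]
(Background on this error at: https://sqlalche.me/e/14/gkpj)
2024-07-20 01:49:27.567 | ERROR    | app.agents.services.sync:add_wazuh_agent_in_db:125 - Failed to add agent rdp-luanntd to the database: (pymysql.err.IntegrityError) (1452, 'Cannot add or update a child row: a foreign key constraint fails (`copilot`.`agents`, CONSTRAINT `agents_ibfk_1` FOREIGN KEY (`customer_code`) REFERENCES `customers` (`customer_code`))')
[SQL: INSERT INTO agents (agent_id, ip_address, os, hostname, label, critical_asset, wazuh_last_seen, velociraptor_id, velociraptor_last_seen, wazuh_agent_version, wazuh_agent_status, velociraptor_agent_version, customer_code, quarantined, velociraptor_org) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)]
[parameters: ('006', '10.255.2.56', 'Microsoft Windows Server 2022 Standard', 'rdp-luanntd', 'bastion_rdp', 0, datetime.datetime(2024, 7, 20, 1, 49, 18), None, None, 'Wazuh v4.8.0', 'active', None, 'rdp', 0, None)]
(Background on this error at: https://sqlalche.me/e/14/gkpj)
"""

# MySQL error 1452 names the child column and the parent table/column it references.
FK_ERROR = re.compile(
    r"Failed to add agent (?P<agent>\S+) to the database: "
    r"\(pymysql\.err\.IntegrityError\) \(1452, .*?"
    r"FOREIGN KEY \(`(?P<fk_col>\w+)`\) "
    r"REFERENCES `(?P<ref_table>\w+)` \(`(?P<ref_col>\w+)`\)"
)
INSERT_SQL = re.compile(r"^\[SQL: INSERT INTO (?P<table>\w+) \((?P<cols>[^)]*)\) VALUES")
PARAMS = re.compile(r"^\[parameters: (?P<tuple>\(.*\))\]$")
DATETIME_CALL = re.compile(r"datetime\.datetime\([^)]*\)")


def parse_parameters(text):
    """Parse SQLAlchemy's repr of bound parameters without calling eval().

    datetime.datetime(...) calls are not literals, so they are wrapped in
    quotes first and come back as plain strings.
    """
    quoted = DATETIME_CALL.sub(lambda m: repr(m.group(0)), text)
    return ast.literal_eval(quoted)


def find_fk_failures(log_text):
    """Return one record per FK failure, with the rejected column value."""
    failures = []
    pending = None   # groupdict of the most recent 1452 error line
    columns = None   # column list of the INSERT that followed it
    for line in log_text.splitlines():
        match = FK_ERROR.search(line)
        if match:
            pending, columns = match.groupdict(), None
            continue
        if pending is None:
            continue
        match = INSERT_SQL.match(line)
        if match:
            columns = [c.strip() for c in match.group("cols").split(",")]
            continue
        match = PARAMS.match(line)
        if match and columns:
            row = dict(zip(columns, parse_parameters(match.group("tuple"))))
            failures.append({
                "agent": pending["agent"],
                "ref_table": pending["ref_table"],
                "ref_col": pending["ref_col"],
                "value": row.get(pending["fk_col"]),
            })
            pending = None
    return failures


def missing_parents(failures):
    """Group failing agents by the parent row that has to be created first."""
    grouped = {}
    for f in failures:
        key = (f["ref_table"], f["ref_col"], f["value"])
        grouped.setdefault(key, set()).add(f["agent"])
    return {key: sorted(agents) for key, agents in grouped.items()}


if __name__ == "__main__":
    for (table, col, value), agents in missing_parents(find_fk_failures(SAMPLE_LOG)).items():
        print(f"no row in {table} with {col}={value!r}; blocked agents: {', '.join(agents)}")
```

In both runs the log shows the DB session closing right after the first rejected insert, so the agents listed after `rdp-luanntd` in the collected set never get an "Adding agent" line.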