wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

False positive in vulnerability scan (CVE-2023-27482) #23335

Open gitusr-gcar opened 1 week ago

gitusr-gcar commented 1 week ago
Wazuh version
4.7

There appears to be a false positive related to CVE-2023-27482. In my installation, there is a CentOS 7 server running the "supervisord" process (see http://supervisord.org/), version 4.2.1-1.el7, which is erroneously associated with the CVE-2023-27482 vulnerability. That CVE instead relates to a "supervisor" component in the Home Automation application (condition: "Package less than 2023.03.1").

MiguelazoDS commented 1 week ago

Hi @gitusr-gcar,

Indeed, this is considering a package with the same name but a different vendor.

https://nvd.nist.gov/vuln/detail/CVE-2023-27482

The RH CVEs feed does not report anything about this CVE so this should be considered not vulnerable.

To overcome this kind of problem, we are refactoring the vulnerability scanner. Now the CVE content will be sanitized before the manager uses it.

https://github.com/wazuh/wazuh/issues/14153

We'll have this issue in mind to avoid repeating the same behavior. Thanks for reporting this.
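The name collision described in this thread, as an added example (not Wazuh's scanner code): a name-plus-version match flags the CentOS supervisord RPM against CVE-2023-27482, while a match that also checks the CPE vendor and defers to the distro feed for distro packages does not. The CVE record, the package inventory entries (including the RPM name "supervisor" and its Vendor header) and the feed contents are constructed stand-ins, not real feed data.

```python
# Constructed CVE record modelled on the NVD CPE configuration for CVE-2023-27482:
# the affected product is home-assistant's "supervisor", versions before 2023.03.1.
CVE_2023_27482 = {
    "id": "CVE-2023-27482",
    "cpe": [{"vendor": "home-assistant", "product": "supervisor",
             "version_end_excluding": "2023.03.1"}],
}

# Constructed inventory entry for the CentOS 7 RPM that ships supervisord.
# The package name and the RPM Vendor header value are assumptions.
SUPERVISORD_RPM = {"name": "supervisor", "version": "4.2.1-1.el7",
                   "vendor": "Fedora Project", "distro": "centos-7"}

# Constructed entry for the real affected component (a container, not a distro package).
HA_SUPERVISOR = {"name": "supervisor", "version": "2023.01.1",
                 "vendor": "home-assistant", "distro": "container"}

# Constructed stand-in for the Red Hat CVE feed: CVE ids it lists per distro.
# CVE-2023-27482 is absent, matching the observation in the thread.
DISTRO_FEED = {"centos-7": {"CVE-2023-0001"}}


def version_key(version):
    """Order versions numerically; the RPM release suffix ('-1.el7') is ignored."""
    upstream = version.split("-", 1)[0]
    return tuple(int(p) if p.isdigit() else 0 for p in upstream.split("."))


def in_affected_range(pkg, cpe):
    """True when the package name is the CPE product and the version is below the fix."""
    return (cpe["product"] == pkg["name"]
            and version_key(pkg["version"]) < version_key(cpe["version_end_excluding"]))


def match_by_name(pkg, cve):
    """Naive matching on product name and version only: reproduces the false positive."""
    return any(in_affected_range(pkg, cpe) for cpe in cve["cpe"])


def match_vendor_aware(pkg, cve, distro_feed):
    """A distro package is judged by its distro's feed; anything else must also
    match the CPE vendor, so a same-named package from another vendor is skipped."""
    if pkg["distro"] in distro_feed:
        return cve["id"] in distro_feed[pkg["distro"]]
    pkg_vendor = pkg["vendor"].lower().replace(" ", "-")
    return any(cpe["vendor"] == pkg_vendor and in_affected_range(pkg, cpe)
               for cpe in cve["cpe"])
```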