Closed hossam1522 closed 3 weeks ago
Could be related to the translations:
We have reproduced a local environment utilizing the following Syscollector messages.
Through our investigation, we conducted an analysis with the following script
CVE-2017-16014, which is a vulnerability of the http-proxy NPM package. NVD Ref Grafana
CVE doesn't match due to default status. @GabrielEValenzuela Let's add the efficacy tests for these CVEs to align with the QA tests
Match found, the package 'node.js', is vulnerable to 'CVE-2021-44533'. Current version: '17.0.1' (less than '17.3.1' or equal to ''). - Agent '' (ID: '025', Version: '').
Match found, the package 'node.js', is vulnerable to 'CVE-2021-4044'. Current version: '17.0.1' (less than '17.3.0' or equal to ''). - Agent '' (ID: '025', Version: '').
Match found, the package 'grafana', is vulnerable to 'CVE-2022-23498'. Current version: '8.5.27' (less than '9.2.10' or equal to ''). - Agent '' (ID: '024', Version: '').
Match found, the package 'node.js', is vulnerable to 'CVE-2022-21824'. Current version: '17.0.1' (less than '17.3.1' or equal to ''). - Agent '' (ID: '025', Version: '').
Match found, the package 'node.js', is vulnerable to 'CVE-2021-44532'. Current version: '17.0.1' (less than '17.3.1' or equal to ''). - Agent '' (ID: '025', Version: '').
Match found, the package 'node.js', is vulnerable to 'CVE-2021-44531'. Current version: '17.0.1' (less than '17.3.1' or equal to ''). - Agent '' (ID: '025', Version: '').
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-36062
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2023-2183
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2023-3128
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-39324
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-39307
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2023-0507
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-31107
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-31123
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-39306
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-31130
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-39201
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-39229
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-31097
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2023-0594
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-23552
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-35957
The Grafana version used for the test seems not to be affected by many of the CVEs tested against. For example, [CVE-2022-39229](https://nvd.nist.gov/vuln/detail/CVE-2022-39229):
The result is the one expected:
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-39229
We identify that there is no issue with the scanner, and all the expected CVEs are detected (this can be validated in the efficacy tests)
The conclusion is that this issue has to do with the tests themselves and not the scanner; we are moving this to 4.10.0
@GabrielEValenzuela Will further expand this on its report
We made the analysis based on the filtered log provided by @sebasfalcone (many thanks for the help!) and the output of the test case on #24986
CVE-2022-0778
Known issue https://github.com/wazuh/intelligence-platform/issues/1467
CVE-2022-32223
The platform is not in the list for Package: node.js, Version: 17.1.0, CVE: CVE-2022-32223, OS CPE: cpe:/o:microsoft:windows_10_22h2:10.0.19045:::::, OS code name:
🟢 All fine
🟢 All fine
We tested these tests locally with the latest content offsets, which are not yet in the current content snapshot.
@ooniagbi Do we have an ETA for the next commit + snapshot generation?
We added all CVEs that QA reported into an efficacy test:
python -m pytest -k "run_process_and_monitor_log23" wazuh_modules/vulnerability_scanner/qa/
============================================================ test session starts =============================================================
platform linux -- Python 3.11.9, pytest-7.2.2, pluggy-1.5.0
rootdir: /home/gvalenzuela/Documents/Work/wazuh/src
collected 30 items / 29 deselected / 1 selected
wazuh_modules/vulnerability_scanner/qa/test_efficacy_log.py . [100%]
====================================================== 1 passed, 29 deselected in 2.34s ======================================================
We detect all of them, so we can safely close this issue
We are going to add these new tests in the next issue:
The results are positive in terms of the scanner; there is no efficacy problem. Is this a testing issue?
Reopen if you see some explicit problem with the product.
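Added example (not part of the thread and not Wazuh's own test code): a small reconciliation of an expected-CVE list against the three scanner log line shapes quoted above, so a "missing" vulnerability can be attributed to a scanner decision (default status, platform not listed) or to the pair never being evaluated. The sample log and the expected list are constructed from lines and CVE IDs shown in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample using the three log line shapes quoted in this thread.
SAMPLE_LOG = """\
Match found, the package 'node.js', is vulnerable to 'CVE-2021-44533'. Current version: '17.0.1' (less than '17.3.1' or equal to ''). - Agent '' (ID: '025', Version: '').
Match found, the package 'grafana', is vulnerable to 'CVE-2022-23498'. Current version: '8.5.27' (less than '9.2.10' or equal to ''). - Agent '' (ID: '024', Version: '').
No match due to default status for Package: grafana, Version: 8.5.27 while scanning for Vulnerability: CVE-2022-39229
The platform is not in the list for Package: node.js, Version: 17.1.0, CVE: CVE-2022-32223, OS CPE: cpe:/o:microsoft:windows_10_22h2:10.0.19045:::::, OS code name:
"""

# One pattern per scanner outcome; each captures the package and the CVE.
PATTERNS = {
    "match": re.compile(
        r"Match found, the package '(?P<pkg>[^']+)', is vulnerable to '(?P<cve>CVE-\d{4}-\d+)'"),
    "default_status": re.compile(
        r"No match due to default status for Package: (?P<pkg>[^,]+), Version: \S+ "
        r"while scanning for Vulnerability: (?P<cve>CVE-\d{4}-\d+)"),
    "platform_not_listed": re.compile(
        r"The platform is not in the list for Package: (?P<pkg>[^,]+), Version: [^,]+, "
        r"CVE: (?P<cve>CVE-\d{4}-\d+)"),
}

def classify(log_text):
    """Map (package, CVE) to the set of outcomes seen for it in the log."""
    outcomes = defaultdict(set)
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                outcomes[(m["pkg"], m["cve"])].add(name)
                break
    return outcomes

def reconcile(expected, log_text):
    """For each expected (package, CVE), report why the test did or did not see it."""
    outcomes = classify(log_text)
    report = {}
    for key in expected:
        seen = outcomes.get(key, set())
        if "match" in seen:
            report[key] = "detected"
        elif seen:
            report[key] = "scanner decision: " + ", ".join(sorted(seen))
        else:
            report[key] = "not evaluated in this log"
    return report
```

Entries reported as "scanner decision" point at test expectations or feed content rather than a detection gap; "not evaluated in this log" means the pair has to be traced elsewhere.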
Description
While I was carrying out https://github.com/wazuh/wazuh-qa/issues/5608, after re-running the Vulnerability Detection E2E tests, it has been observed that:
Multiple expected vulnerabilities were not detected on the Windows and Ubuntu ARM agents (as noted in the missing vulnerabilities). This issue was consistent across all cases.
Missing vulnerabilities
Missing vulnerabilities in Windows and Ubuntu ARM agents
There is a general loss of vulnerabilities for Windows and Ubuntu ARM in the cases of Grafana and Node. We should investigate to find the source of this problem and solve it.
The evidence to support this information can be found in the section below.
Evidence