Add KEV information to v6 DB #2464

Merged
merged 7 commits into from
Feb 21, 2025

@wagoodman wagoodman commented Feb 19, 2025

This PR adds the CISA KEV data shape to the DB as a new table and plumbs through VulnerabilityMetadata calls to attach matching KEV entries for a given vulnerability.

This adds a new vulnerability.knownExploited[] array to the JSON output:

```
$ grype 'cpe:2.3:a:zohocorp:manageengine_desktop_central:1' -o json | jq '.matches[] | select(.vulnerability.id == "CVE-2020-10189").vulnerability.knownExploited'
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]  
   ├── by severity: 10 critical, 10 high, 5 medium, 0 low, 0 negligible
   └── by status:   19 fixed, 6 not-fixed, 0 ignored 
[
  {
    "cve": "CVE-2020-10189",
    "vendorProject": "Zoho",
    "product": "ManageEngine",
    "dateAdded": "2021-11-03",
    "requiredAction": "Apply updates per vendor instructions.",
    "dueDate": "2022-05-03",
    "knownRansomwareCampaignUse": "unknown",
    "urls": [
      "https://nvd.nist.gov/vuln/detail/CVE-2020-10189"
    ],
    "cwes": [
      "CWE-502"
    ]
  }
]
```

I've removed the KEV vulnerabilityName and shortDescription from the DB and grype output as they are redundant to the NVD data; here are the removed values for the above record as an example:

```
{
  "vulnerabilityName": "Zoho ManageEngine Desktop Central File Upload Vulnerability",
  "shortDescription": "Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution."
}
```

Partially addresses #1511

@wagoodman wagoodman requested a review from a team February 19, 2025 22:47
@wagoodman wagoodman self-assigned this Feb 20, 2025
@wagoodman wagoodman marked this pull request as ready for review February 21, 2025 13:04
Signed-off-by: Alex Goodman <[email protected]>
@wagoodman wagoodman enabled auto-merge (squash) February 21, 2025 20:02
@wagoodman wagoodman merged commit ca97633 into main Feb 21, 2025
10 checks passed
@wagoodman wagoodman deleted the add-kev branch February 21, 2025 20:25
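
Added example, not part of the PR or of Grype's own code: a CI-side consumer of the `vulnerability.knownExploited[]` array described in the PR description, which ranks KEV-listed matches and derives an exit code. The sample report is constructed (the `CVE-0000-…` ids are placeholders), the exit-code policy is an assumption, and a missing or empty array is treated as "no KEV entry".

```python
import json
from datetime import date

# Constructed sample in the shape shown in the PR description. The first record
# reuses the PR's example values; the CVE-0000-* ids are placeholders.
SAMPLE = json.loads("""
{"matches": [
  {"vulnerability": {"id": "CVE-2020-10189", "knownExploited": [
    {"cve": "CVE-2020-10189", "dateAdded": "2021-11-03", "dueDate": "2022-05-03",
     "knownRansomwareCampaignUse": "unknown"}]}},
  {"vulnerability": {"id": "CVE-0000-0001", "knownExploited": [
    {"cve": "CVE-0000-0001", "dateAdded": "2025-02-01", "dueDate": "2025-03-01",
     "knownRansomwareCampaignUse": "known"}]}},
  {"vulnerability": {"id": "CVE-0000-0002", "knownExploited": []}},
  {"vulnerability": {"id": "CVE-0000-0003"}}
]}
""")


def kev_findings(report, today):
    """Return one row per distinct KEV entry, most urgent first."""
    rows = {}
    for match in report.get("matches", []):
        vuln = match.get("vulnerability", {})
        # Tolerate a missing, null or empty array (no KEV entry for this id).
        for kev in vuln.get("knownExploited") or []:
            due = kev.get("dueDate")
            # Keyed on (vulnerability id, KEV cve) so repeated matches collapse.
            rows[(vuln.get("id"), kev.get("cve"))] = {
                "id": vuln.get("id"),
                "due": due,
                "overdue": bool(due) and date.fromisoformat(due) < today,
                # Compared case-insensitively; the PR's sample shows "unknown".
                "ransomware": str(kev.get("knownRansomwareCampaignUse", "")).lower() == "known",
            }
    # Ransomware-linked first, then earliest due date; undated entries last.
    return sorted(rows.values(),
                  key=lambda r: (not r["ransomware"], r["due"] or "9999-12-31"))


def exit_code(findings):
    """Assumed CI policy: 2 = overdue KEV entry, 1 = any KEV entry, 0 = none."""
    if any(f["overdue"] for f in findings):
        return 2
    return 1 if findings else 0


if __name__ == "__main__":
    found = kev_findings(SAMPLE, date(2025, 2, 21))
    print(json.dumps(found, indent=2), "exit code:", exit_code(found))
```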