Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve/extend data extraction from advisories #337

Open
copernico opened this issue Oct 14, 2022 · 0 comments
Open

Improve/extend data extraction from advisories #337

copernico opened this issue Oct 14, 2022 · 0 comments
Assignees
@sacca97
Labels
assuremoss component/prospector improvement

Comments

@copernico
Copy link
Contributor

copernico commented Oct 14, 2022
edited
Loading

Case study: CVE-2020-1936

The description is simply: "A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.".

Apparently hopeless, except that both of the two links that come with the NVD advisory contain the JIRA identifier AMBARI-25329.

Bingo!

Proposal

We should search the text of referenced pages for JIRA identifiers and treat them in the same way as we treat the direct links to JIRA pages.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sacca97 sacca97

Labels
assuremoss component/prospector improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@copernico @sacca97