Project

General

Profile

Actions

Bug #21212

open

CVE display as severity 9.8 in Rudder whereas it's scored as 7.5 in CVE details

Added by Florent NEYRON 2 months ago. Updated 8 days ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Security
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
It bothers me each time
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority:
44
Regression:
No

Description



Files

Actions #1

Updated by Florent NEYRON 2 months ago

  • UX impact set to I hate Rudder for that
Actions #2

Updated by Florent NEYRON 2 months ago

  • UX impact deleted (I hate Rudder for that)
Actions #3

Updated by Alexis Mousset 2 months ago

  • Severity changed from Major - prevents use of part of Rudder | no simple workaround to Minor - inconvenience | misleading | easy workaround
  • UX impact set to I bothers me each time
  • User visibility set to Operational - other Techniques | Rudder settings | Plugins
  • Priority changed from 0 to 32

There are actually two different scores as you can see on https://nvd.nist.gov/vuln/detail/CVE-2017-12588. Rudder uses the CVSSv3 score (the default on nvd, and also the most used) which gives 9.8, while CVSSv2 gives 7.2.

We should probably display that we display the base CVSSv3 score, but this is not actually a scoring bug, lowering the severity.

Actions #4

Updated by Vincent MEMBRÉ about 2 months ago

  • Target version changed from 7.1.2 to 7.1.3
Actions #5

Updated by Vincent MEMBRÉ 23 days ago

  • Target version changed from 7.1.3 to 7.1.4
Actions #6

Updated by Nicolas CHARLES 8 days ago

  • UX impact changed from I bothers me each time to It bothers me each time
  • Priority changed from 32 to 44
  • Regression set to No
Actions

Also available in: Atom PDF