Actions
Bug #21212
open
CVE display as severity 9.8 in Rudder whereas it's scored as 7.5 in CVE details
Pull Request:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
It bothers me each time
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority:
44
Regression:
No
Description
Files
Updated by Florent NEYRON 2 months ago
- UX impact deleted (
I hate Rudder for that)
Updated by Alexis Mousset 2 months ago
- Severity changed from Major - prevents use of part of Rudder | no simple workaround to Minor - inconvenience | misleading | easy workaround
- UX impact set to I bothers me each time
- User visibility set to Operational - other Techniques | Rudder settings | Plugins
- Priority changed from 0 to 32
There are actually two different scores as you can see on https://nvd.nist.gov/vuln/detail/CVE-2017-12588. Rudder uses the CVSSv3 score (the default on nvd, and also the most used) which gives 9.8, while CVSSv2 gives 7.2.
We should probably display that we display the base CVSSv3 score, but this is not actually a scoring bug, lowering the severity.
Updated by Vincent MEMBRÉ about 2 months ago
- Target version changed from 7.1.2 to 7.1.3
Updated by Vincent MEMBRÉ 23 days ago
- Target version changed from 7.1.3 to 7.1.4
Updated by Nicolas CHARLES 8 days ago
- UX impact changed from I bothers me each time to It bothers me each time
- Priority changed from 32 to 44
- Regression set to No
Actions