False positive CVE-2023-4822 was included in E2E Vulnerability detection tests #5368
Comments
After talking with @sebasfalcone, the product is currently not able to sanitize the Grafana Enterprise case. So we need to use another package for the E2E tests in order to validate the vulnerability detection feature.
Warning: Currently, according to Grafana, version 8.5.27 is affected by CVE-2024-1442 and CVE-2023-6152. However, these vulnerabilities are currently being analyzed by the NVD, so this version is valid for the E2E tests.
Moving ETA to allow testing and review. Testing is only planned for the setup fixture due to known issues regarding the detection of vulnerabilities in Grafana packages (https://github.com/wazuh/intelligence-data/issues/233).
Detected errors in the teardown method. In addition, it seems that no vulnerabilities are being collected by the test. Further research is required.
Currently testing among different E2E fixes. Check #5397 for more information.
Created custom branch to test all E2E fixes.
LGTM
Description
In d19ab01, CVE-2023-4822 has been added to the list of anticipated vulnerabilities for Grafana's vulnerable packages. This update was prompted by findings from beta6 of Vulnerability Detection. However, it's worth noting that this vulnerability is not anticipated to surface in the regular Grafana installation tests, as they are conducted on Grafana itself, not Grafana Enterprise.
Tasks
Validation
No validation is needed