
Re-open vulnerability (Mitigated to Active) should set Endpoints to Active too

Open advidsec opened this issue 3 years ago • 6 comments

Slack us first! Details about the bug: https://owasp.slack.com/archives/C2P5BA8MN/p1661952617478849

Be informative: When a vulnerability is re-opened (Inactive, Mitigated to Active), DefectDojo should set the Endpoints from Mitigated to Active too.

Bug description: Endpoints don't change their status after the state of a vulnerability changes (Inactive, Mitigated to Active).

Steps to reproduce the behavior: When a vulnerability is re-opened (Inactive, Mitigated to Active), DefectDojo doesn't set the Endpoints from Mitigated to Active.

  • Deduplication = ON
  • Close old findings = ON

  1. Aug. 28, 2022: Upload a scan with 2 assets with port 3306 open -> Vulnerability "Open Port: 3306/TCP" Active.
  2. Aug. 29, 2022: Upload a scan with 1 asset with port 3306 open -> The vulnerability created in step 1 (Aug. 28, 2022) is set to Inactive, Mitigated and the assets are set to Mitigated. A new vulnerability is created (Aug. 29, 2022) with only 1 vulnerable asset, with the vulnerability Active.
  3. Aug. 30, 2022: Upload again a scan with 2 assets with port 3306 open (the same scan as in step 1) -> It reopens the vulnerability from step 1 (Aug. 28, 2022) and marks it as Active, but the assets appear as Mitigated.

Expected behavior: When a vulnerability is re-opened (Inactive, Mitigated to Active), the Endpoints should be set from Mitigated to Active too.

Deployment method (select with an X)

  • [x] Docker Compose
  • [ ] Kubernetes
  • [ ] GoDojo

Environment information

  • Operating System: [Kali 2022.3]
  • DefectDojo version 2.13.1

Screenshots https://owasp.slack.com/archives/C2P5BA8MN/p1661952617478849

advidsec avatar Sep 01 '22 06:09 advidsec
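As an added illustration (not DefectDojo's own code), the following Python script models the reproduction steps from the report: a store of findings deduplicated on title plus endpoint set, a "close old findings" pass on every import, and a `reactivate_endpoints` switch that decides whether reopening a finding also flips its per-endpoint status back to active. All names here (`FindingStore`, `Finding`, `replay`, `inconsistent_endpoints`) and the hosts `host-a`/`host-b` are assumptions of this example; the three scans are constructed to mirror the Aug. 28/29/30 uploads.

```python
"""Toy model of finding/endpoint status handling across scan imports.

This is an illustrative model, not DefectDojo code: it only reproduces the
ordering of events described in the bug report.
"""
from dataclasses import dataclass, field

ACTIVE, MITIGATED = "active", "mitigated"


@dataclass
class Finding:
    title: str
    endpoints: frozenset
    active: bool = True
    mitigated: bool = False
    # Per-endpoint status, the analogue of the "Endpoint Status" rows
    # shown as "Vulnerable" / "Mitigated Endpoints / Systems".
    endpoint_status: dict = field(default_factory=dict)

    def __post_init__(self):
        for ep in self.endpoints:
            self.endpoint_status.setdefault(ep, ACTIVE)

    def close(self):
        """'Close old findings': finding and all its endpoints become mitigated."""
        self.active = False
        self.mitigated = True
        for ep in self.endpoint_status:
            self.endpoint_status[ep] = MITIGATED

    def reopen(self, reactivate_endpoints):
        """Reopen the finding; optionally bring its endpoints back to active."""
        self.active = True
        self.mitigated = False
        if reactivate_endpoints:
            for ep in self.endpoint_status:
                self.endpoint_status[ep] = ACTIVE


class FindingStore:
    def __init__(self, reactivate_endpoints):
        self.reactivate_endpoints = reactivate_endpoints
        self.findings = {}  # (title, frozenset(endpoints)) -> Finding

    def import_scan(self, scan, close_old_findings=True):
        """scan: {title: set(endpoints)}. Dedup key is title + endpoint set."""
        seen = set()
        for title, endpoints in scan.items():
            key = (title, frozenset(endpoints))
            seen.add(key)
            existing = self.findings.get(key)
            if existing is None:
                self.findings[key] = Finding(title, frozenset(endpoints))
            elif not existing.active:
                existing.reopen(self.reactivate_endpoints)
        if close_old_findings:
            for key, finding in self.findings.items():
                if key not in seen and finding.active:
                    finding.close()
        return self


def inconsistent_endpoints(store):
    """Endpoints still marked mitigated on a finding that is active."""
    return sorted(
        (f.title, ep)
        for f in store.findings.values() if f.active
        for ep, status in f.endpoint_status.items() if status == MITIGATED
    )


# Constructed scans mirroring the report: 2 assets, 1 asset, then 2 assets again.
SCAN_TWO_ASSETS = {"Open Port: 3306/TCP": {"host-a", "host-b"}}
SCAN_ONE_ASSET = {"Open Port: 3306/TCP": {"host-a"}}


def replay(reactivate_endpoints):
    """Replay the Aug. 28 / 29 / 30 imports and return the resulting store."""
    store = FindingStore(reactivate_endpoints)
    for scan in (SCAN_TWO_ASSETS, SCAN_ONE_ASSET, SCAN_TWO_ASSETS):
        store.import_scan(scan)
    return store


if __name__ == "__main__":
    for fix in (False, True):
        stale = inconsistent_endpoints(replay(fix))
        print(f"reactivate_endpoints={fix}: {len(stale)} stale endpoint(s) {stale}")
```

Without the reactivation step the reopened Aug. 28 finding is active while both of its endpoints stay mitigated, which is exactly the state the report describes; with the step enabled the consistency check returns nothing. The same check is a cheap way to audit an existing instance for findings whose endpoint statuses drifted out of sync.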

In my environment, once the finding is set to active and verified, then the endpoint is marked as active again as well.

coheigea avatar Sep 26 '22 06:09 coheigea

We have version 2.14.1 and when the vulnerability is reopened (closed to active) only the list of "Mitigated Endpoints / Systems" is displayed, not the list of "Vulnerable Endpoints / Systems".

advidsec avatar Sep 26 '22 08:09 advidsec

What happens when you mark the active finding as verified?

coheigea avatar Sep 26 '22 09:09 coheigea

The same

advidsec avatar Sep 26 '22 10:09 advidsec

@advidsec could you please retest this issue with the latest release if this issue is still open?

manuel-sommer avatar Feb 18 '24 11:02 manuel-sommer

I have a similar problem on the newest version, v2.32.3. On the view of the finding (that was reopened) there is a section "Mitigated Endpoints / Systems"; it says that the endpoint is mitigated, but when you click on the endpoint name you are moved to the endpoint view and you see that it is vulnerable, and you see the vulnerability you have just come from on the list.

So it seems that when you reopen a vulnerability, the endpoint views/sections (inside the vulnerability) are not refreshed.

WojTecH94 avatar Mar 26 '24 10:03 WojTecH94