project-kb
Improve/extend data extraction from advisories
Case study: CVE-2020-1936
The description is simply: "A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4."
Apparently hopeless, except that both of the two links that come with the NVD advisory contain the JIRA identifier AMBARI-25329.
- http://www.openwall.com/lists/oss-security/2021/03/02/1
- https://lists.apache.org/thread/rwfxn0nb6nqs2p7d9c063tswy8hrqkq3
Bingo!
Proposal
We should search the text of referenced pages for JIRA identifiers and treat them in the same way as we treat the direct links to JIRA pages.
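A sketch of the proposed extraction, added here as an illustration and not taken from project-kb's code: it scans the text of each referenced page for Jira-style keys and ranks them by how many pages mention them. The function names, the exclusion list, the `known_projects` filter and the sample page texts (including the `DEMO-12` key) are assumptions constructed for this example.

```python
import re
from collections import Counter

# Jira-style key: PROJECT-123. The lookahead rejects a match that is followed
# by "-<digit>", so "CVE-2020-1936" is not misread as a key "CVE-2020".
JIRA_KEY = re.compile(
    r"(?<![A-Za-z0-9-])([A-Z][A-Z0-9]{1,15})-(\d+)(?![A-Za-z0-9]|-\d)"
)

# Tokens with the same shape that are not issue-tracker keys (assumed list).
NOT_JIRA = {"CVE", "CWE", "RFC", "UTF", "ISO", "SHA"}


def extract_jira_keys(text, known_projects=None):
    """Return the unique Jira-style keys in text, in order of appearance."""
    keys = []
    for match in JIRA_KEY.finditer(text):
        project = match.group(1)
        if project in NOT_JIRA:
            continue
        if known_projects is not None and project not in known_projects:
            continue
        key = f"{project}-{match.group(2)}"
        if key not in keys:
            keys.append(key)
    return keys


def rank_keys(pages, known_projects=None):
    """pages maps a reference URL to its text; rank keys by pages mentioning them."""
    counts = Counter()
    for text in pages.values():
        counts.update(extract_jira_keys(text, known_projects))
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


# Constructed stand-ins for the text of two referenced pages (not fetched content).
SAMPLE_PAGES = {
    "reference-1": "CVE-2020-1936: XSS in Apache Ambari Views (CWE-79). "
                   "Fixed in 2.7.4, see AMBARI-25329.",
    "reference-2": "[SECURITY] CVE-2020-1936, tracked as AMBARI-25329; "
                   "page is UTF-8 encoded. Unrelated cleanup: DEMO-12",
}

if __name__ == "__main__":
    for key, page_count in rank_keys(SAMPLE_PAGES):
        print(f"{key}: mentioned on {page_count} referenced page(s)")
```

A key that appears on every referenced page is the strongest candidate; passing the advisory's project name as `known_projects` drops incidental keys from other trackers.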