Consider remediations for packages' vulnerabilities scan
| Related issue |
|---|
| Closes #23066 |
Description
This PR solves two different situations:
- The Windows packages that have hotfixes report false positives
- The insertion of a hotfix solves a package vulnerability
It was required to create a new cache with the agents' hotfixes and to store all the CVEs that affect a hotfix in a new DB column.
Logs/Alerts example
The vulnerability shown in the issue isn't being reported because the versions don't match.
After inserting a temporary candidate with the version 16.0.4266.1001:

```shell
./src/build/wazuh_modules/vulnerability_scanner/testtool/rocksDBQuery/rocks_db_query_testtool -d /var/ossec/queue/vd/feed/ -f /workspaces/wazuh/src/wazuh_modules/vulnerability_scanner/schemas/vulnerabilityCandidate.fbs -c nvd -k office_CVE-2024-21413 -v '{ "candidates": [ { "cveId": "CVE-2024-21413", "defaultStatus": "unaffected", "versions": [ { "version": "2016" }, { "version": "2019" }, { "version": "16.0.4266.1001" } ], "vendor": "microsoft" } ]}'
```
The vulnerability is found:

```
2024/05/03 04:02:57 wazuh-modulesd:vulnerability-scanner[164578] packageScanner.hpp:353 at vendorVerify(): DEBUG: Vendor match for Package: office, Version: 16.0.4266.1001, CVE: CVE-2024-21413, Vendor: microsoft
2024/05/03 04:02:57 wazuh-modulesd:vulnerability-scanner[164578] packageScanner.hpp:386 at versionMatch(): DEBUG: Scanning package - 'office' (Installed Version: 16.0.4266.1001, Security Vulnerability: CVE-2024-21413). Identified vulnerability: Version: 2016. Required Version Threshold: . Required Version Threshold (or Equal): .
2024/05/03 04:02:57 wazuh-modulesd:vulnerability-scanner[164578] packageScanner.hpp:386 at versionMatch(): DEBUG: Scanning package - 'office' (Installed Version: 16.0.4266.1001, Security Vulnerability: CVE-2024-21413). Identified vulnerability: Version: 2019. Required Version Threshold: . Required Version Threshold (or Equal): .
2024/05/03 04:02:57 wazuh-modulesd:vulnerability-scanner[164578] packageScanner.hpp:386 at versionMatch(): DEBUG: Scanning package - 'office' (Installed Version: 16.0.4266.1001, Security Vulnerability: CVE-2024-21413). Identified vulnerability: Version: 16.0.4266.1001. Required Version Threshold: . Required Version Threshold (or Equal): .
2024/05/03 04:02:57 wazuh-modulesd:vulnerability-scanner[164578] packageScanner.hpp:406 at versionMatch(): DEBUG: Match found, the package 'office', is vulnerable to 'CVE-2024-21413'. Current version: '16.0.4266.1001' is equal to '16.0.4266.1001'. - Agent 'DESKTOP-EQ4F57D' (ID: '001', Version: 'v4.7.4').
2024/05/03 04:02:57 wazuh-modulesd:vulnerability-scanner[164578] packageScanner.hpp:583 at packageHotfixSolved(): DEBUG: No remediation for package 'office' on agent '001' that solves CVE 'CVE-2024-21413' has been found.
2024/05/03 04:02:57 wazuh-modulesd:vulnerability-scanner[164578] packageScanner.hpp:705 at handleRequest(): DEBUG: Vulnerability scan for package 'Microsoft Office Professional Plus 2016' on Agent '001' has completed.
```
If we repeat the scan after installing a hotfix that solves the CVE, the package isn't reported as vulnerable:

```
2024/05/03 14:53:38 wazuh-modulesd:vulnerability-scanner[19994] packageScanner.hpp:387 at versionMatch(): DEBUG: Scanning package - 'office' (Installed Version: 16.0.4266.1001, Security Vulnerability: CVE-2024-21413). Identified vulnerability: Version: 16.0.4266.1001. Required Version Threshold: . Required Version Threshold (or Equal): .
2024/05/03 14:53:38 wazuh-modulesd:vulnerability-scanner[19994] packageScanner.hpp:407 at versionMatch(): DEBUG: Match found, the package 'office', is vulnerable to 'CVE-2024-21413'. Current version: '16.0.4266.1001' is equal to '16.0.4266.1001'. - Agent 'DESKTOP-EQ4F57D' (ID: '001', Version: 'v4.7.4').
2024/05/03 14:53:38 wazuh-modulesd:vulnerability-scanner[19994] packageScanner.hpp:571 at packageHotfixSolved(): DEBUG: Remediation 'KB5002537' for package 'office' on agent '001' that solves CVE 'CVE-2024-21413' has been found.
2024/05/03 14:53:38 wazuh-modulesd:vulnerability-scanner[19994] packageScanner.hpp:706 at handleRequest(): DEBUG: Vulnerability scan for package 'Microsoft Office Professional Plus 2016' on Agent '001' has completed.
```
If we now run the scan without the hotfix and then install it, we get the "vulnerability solved" alert:
WIP
Tests
- Compilation without warnings in every supported platform
  - [x] Linux
- [x] Source installation
- [x] Review logs syntax and correct language
- [x] Added unit tests (for new features)
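As an added example (not Wazuh's code, and not part of the PR), the following C++ models the two situations the description lists: at scan time, a version match is suppressed when the agent already has a hotfix that remediates the CVE (the `packageHotfixSolved` check visible in the logs), and when a hotfix is inserted, the open inventory entries it remediates are marked solved. The class and function names, the hotfix cache, the hotfix-to-CVE map standing in for the new DB column, and the sample data (KB5002467 remediating CVE-2024-21413, KB5033052 with no associated CVEs) are constructed for illustration.

```cpp
// Added example, not Wazuh's code: a minimal model of the two situations this PR
// describes. All names (HotfixRemediator, packageHotfixSolved, insertHotfix,
// VulnEntry) and the sample data are hypothetical and constructed for illustration.
#include <cstddef>
#include <iostream>
#include <map>
#include <optional>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hotfix -> CVEs it remediates (the role of the new DB column mentioned in the PR).
using HotfixRemediations = std::map<std::string, std::set<std::string>>;
// Agent id -> installed hotfixes (the role of the new agents' hotfix cache).
using AgentHotfixCache = std::map<std::string, std::set<std::string>>;

// One entry of the vulnerability inventory kept per agent.
struct VulnEntry {
    std::string agentId;
    std::string package;
    std::string cve;
    bool solved;
};

class HotfixRemediator {
public:
    explicit HotfixRemediator(HotfixRemediations remediations)
        : m_remediations(std::move(remediations)) {}

    void setAgentHotfixes(const std::string& agentId, std::set<std::string> hotfixes) {
        m_cache[agentId] = std::move(hotfixes);
    }

    // Situation 1 (scan time): a version match on `cve` is a false positive if the
    // agent already has a hotfix that remediates it. Returns that hotfix, if any.
    std::optional<std::string> packageHotfixSolved(const std::string& agentId,
                                                   const std::string& cve) const {
        const auto agent = m_cache.find(agentId);
        if (agent == m_cache.end()) return std::nullopt;
        for (const auto& kb : agent->second) {
            const auto rem = m_remediations.find(kb);
            if (rem != m_remediations.end() && rem->second.count(cve) != 0) return kb;
        }
        return std::nullopt;
    }

    // Situation 2 (hotfix insertion): cache the hotfix for the agent and mark every
    // open inventory entry it remediates as solved. Returns the number of entries
    // solved (0 when no CVE is associated with the hotfix).
    std::size_t insertHotfix(const std::string& agentId, const std::string& kb,
                             std::vector<VulnEntry>& inventory) {
        m_cache[agentId].insert(kb);
        const auto rem = m_remediations.find(kb);
        if (rem == m_remediations.end()) return 0;
        std::size_t solved = 0;
        for (auto& entry : inventory) {
            if (entry.agentId == agentId && !entry.solved && rem->second.count(entry.cve) != 0) {
                entry.solved = true;
                ++solved;
            }
        }
        return solved;
    }

private:
    HotfixRemediations m_remediations;
    AgentHotfixCache m_cache;
};

// Constructed sample data: KB5002467 remediates CVE-2024-21413; KB5033052 has no CVEs.
HotfixRemediations sampleRemediations() {
    return {{"KB5002467", std::set<std::string>{"CVE-2024-21413"}},
            {"KB5033052", std::set<std::string>{}}};
}

struct ScenarioResult {
    bool reportedBeforeHotfix;   // scan reports the CVE while the hotfix is missing
    std::size_t solvedByInsert;  // inventory entries closed when the hotfix arrives
    bool reportedAfterHotfix;    // rescan still reports the CVE once the hotfix is present
};

// Replays the sequence from the description: scan without the hotfix, install it, rescan.
ScenarioResult runScenario() {
    HotfixRemediator remediator(sampleRemediations());
    remediator.setAgentHotfixes("001", {"KB5034765"});  // unrelated hotfix already present
    std::vector<VulnEntry> inventory;

    // Assume the version check already matched 'office' against CVE-2024-21413.
    const bool before = !remediator.packageHotfixSolved("001", "CVE-2024-21413").has_value();
    if (before) inventory.push_back({"001", "office", "CVE-2024-21413", false});

    const std::size_t solved = remediator.insertHotfix("001", "KB5002467", inventory);
    const bool after = !remediator.packageHotfixSolved("001", "CVE-2024-21413").has_value();
    return {before, solved, after};
}

int main() {
    const ScenarioResult r = runScenario();
    std::cout << "reported before hotfix: " << r.reportedBeforeHotfix
              << ", solved by insert: " << r.solvedByInsert
              << ", reported after hotfix: " << r.reportedAfterHotfix << '\n';
    return 0;
}
```

The design point is that both paths consult the same hotfix-to-CVE map: the scan-time check keeps a hotfix-covered match out of the inventory, and the insertion path closes entries that were reported before the hotfix existed, which is the "vulnerability solved" case the description mentions.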
Testing 🔴
Environment
- Manager Ubuntu Jammy
- Agent Centos9
- Agent Windows 11
Scan by events
- Total vulnerabilities found: vulnerabilities.json, ossec.log.tar.gz

> [!WARNING]
> Even though the logs are at the debug level, the file increases considerably.

78 vulnerabilities for Ubuntu Jammy
2139 vulnerabilities for Centos 9
177 vulnerabilities for Windows 11

> [!WARNING]
> All vulnerabilities have the "Packages" category

- 100 vulnerabilities are related to Office
- Hotfixes:

```
0|2024/05/09 15:38:30|KB2468871|8f99821b9e79bc2258cb56cd14cfcaf9bbeda8e5
0|2024/05/09 15:38:30|KB2478063|8511235ae3ab3b642d8ba429599092634fdde3a8
0|2024/05/09 15:38:30|KB2533523|b8c4cb9a2aeb6a64269e88f6116765420a65cd80
0|2024/05/09 15:38:30|KB2544514|8e468309f00c0f31b8a0f12a6a79d2658652e9e9
0|2024/05/09 15:38:30|KB2600211|cb13c01ba11045aabbb074fc3e61b0a3b2d88dd4
0|2024/05/09 15:38:30|KB2600217|8253af775746f8545784d27edb852281c9a06955
0|2024/05/09 15:38:30|KB5027397|6aa52f220a9aebb1004ed2c308b594e5b0b463d5
0|2024/05/09 15:38:31|KB5033055|854cea78b398263b458d45dce82d0933492101fb
0|2024/05/09 15:38:31|KB5033204|2fb8a48c29e02391dbdef7ae5ee0140cf472e332
0|2024/05/09 15:38:31|KB5034467|928dcc74c96a7e988c4949519077bcd1930c391f
0|2024/05/09 15:38:31|KB5034765|783910a4b666a6dc8aa38b967909c0f9c653ebf5
```
Scan after installing new KB

```
0|2024/05/09 15:38:30|KB2468871|8f99821b9e79bc2258cb56cd14cfcaf9bbeda8e5
0|2024/05/09 15:38:30|KB2478063|8511235ae3ab3b642d8ba429599092634fdde3a8
0|2024/05/09 15:38:30|KB2533523|b8c4cb9a2aeb6a64269e88f6116765420a65cd80
0|2024/05/09 15:38:30|KB2544514|8e468309f00c0f31b8a0f12a6a79d2658652e9e9
0|2024/05/09 15:38:30|KB2600211|cb13c01ba11045aabbb074fc3e61b0a3b2d88dd4
0|2024/05/09 15:38:30|KB2600217|8253af775746f8545784d27edb852281c9a06955
0|2024/05/09 15:38:30|KB5027397|6aa52f220a9aebb1004ed2c308b594e5b0b463d5
0|2024/05/09 15:38:31|KB5033055|854cea78b398263b458d45dce82d0933492101fb
0|2024/05/09 15:38:31|KB5033204|2fb8a48c29e02391dbdef7ae5ee0140cf472e332
0|2024/05/09 15:38:31|KB5034467|928dcc74c96a7e988c4949519077bcd1930c391f
0|2024/05/09 15:38:31|KB5034765|783910a4b666a6dc8aa38b967909c0f9c653ebf5
0|2024/05/09 17:58:43|KB5002467|458904c3a67b0e784f288758142fc60b35315220
```

The last KB listed is the one installed to solve the Office vulnerability related to CVE-2024-21413.

> [!IMPORTANT]
> There are no changes in the vulnerabilities detected. During research with @sebasfalcone and @pereyra-m we found that the root cause is the missing hotfixes information in the database (database initialized in this branch).
Update 05/10/24
Database information
- Hotfixes table is now available (content updated)
- Candidates updated
Scan by events
Disparity found between indexed vulnerabilities and log messages.

> [!WARNING]
> There's a strange mismatch between the indexed vulnerabilities and the logs reporting a vulnerability has been found. Evidence is attached here for further analysis.

- Logs: ossec.log.tar.gz
- Vulnerabilities indexed: vulnerabilities.json
- Vulnerabilities overview
- KB installation
- Hotfixes:

```
0|2024/05/10 13:58:43|KB2468871|8f99821b9e79bc2258cb56cd14cfcaf9bbeda8e5
0|2024/05/10 13:58:43|KB2478063|8511235ae3ab3b642d8ba429599092634fdde3a8
0|2024/05/10 13:58:43|KB2533523|b8c4cb9a2aeb6a64269e88f6116765420a65cd80
0|2024/05/10 13:58:43|KB2544514|8e468309f00c0f31b8a0f12a6a79d2658652e9e9
0|2024/05/10 13:58:43|KB2600211|cb13c01ba11045aabbb074fc3e61b0a3b2d88dd4
0|2024/05/10 13:58:44|KB2600217|8253af775746f8545784d27edb852281c9a06955
0|2024/05/10 13:58:44|KB5027397|6aa52f220a9aebb1004ed2c308b594e5b0b463d5
0|2024/05/10 13:58:44|KB5033055|854cea78b398263b458d45dce82d0933492101fb
0|2024/05/10 13:58:44|KB5033204|2fb8a48c29e02391dbdef7ae5ee0140cf472e332
0|2024/05/10 13:58:44|KB5034467|928dcc74c96a7e988c4949519077bcd1930c391f
0|2024/05/10 13:58:44|KB5034765|783910a4b666a6dc8aa38b967909c0f9c653ebf5
```
77 vulnerabilities for Ubuntu Jammy
2139 vulnerabilities for Centos 9
178 vulnerabilities for Windows 11
100 out of 178 are Office vulnerabilities.
The CVEs related to Office are the following:
Scan after installing new KB (Syscollector sync forced)
- Hotfixes (the last entry, KB5002467, is the one installed to fix the vulnerability):

```
0|2024/05/10 13:58:43|KB2468871|8f99821b9e79bc2258cb56cd14cfcaf9bbeda8e5
0|2024/05/10 13:58:43|KB2478063|8511235ae3ab3b642d8ba429599092634fdde3a8
0|2024/05/10 13:58:43|KB2533523|b8c4cb9a2aeb6a64269e88f6116765420a65cd80
0|2024/05/10 13:58:43|KB2544514|8e468309f00c0f31b8a0f12a6a79d2658652e9e9
0|2024/05/10 13:58:43|KB2600211|cb13c01ba11045aabbb074fc3e61b0a3b2d88dd4
0|2024/05/10 13:58:44|KB2600217|8253af775746f8545784d27edb852281c9a06955
0|2024/05/10 13:58:44|KB5027397|6aa52f220a9aebb1004ed2c308b594e5b0b463d5
0|2024/05/10 13:58:44|KB5033055|854cea78b398263b458d45dce82d0933492101fb
0|2024/05/10 13:58:44|KB5033204|2fb8a48c29e02391dbdef7ae5ee0140cf472e332
0|2024/05/10 13:58:44|KB5034467|928dcc74c96a7e988c4949519077bcd1930c391f
0|2024/05/10 13:58:44|KB5034765|783910a4b666a6dc8aa38b967909c0f9c653ebf5
0|2024/05/10 14:31:21|KB5002467|458904c3a67b0e784f288758142fc60b35315220
```

```
2024/05/10 11:32:19 wazuh-modulesd:vulnerability-scanner[25244] packageScanner.hpp:571 at packageHotfixSolved(): DEBUG: Remediation 'KB5002467' for package 'office' on agent '002' that solves CVE 'CVE-2024-21413' has been found.
```
No alerts as expected
10 vulnerabilities have been fixed
alerts.json ossec.log vulnerabilities.json
Scan by events without Office package

> [!WARNING]
> We can still see a mismatch between indexed vulnerabilities and log messages.

> [!WARNING]
> The number of vulnerabilities indexed is NOT the expected one (2384).

It's as if it were still evaluating the Office package.
The package is not present in the database.
There are no log messages referring to the Office package.
This behavior needs to be discussed with @sebasfalcone and @pereyra-m.
ossec.log.tar.gz vulnerabilities.json
Vulnerabilities for a non-existent package being indexed.
This wrong behavior was observed following these steps (brief description of the testing executed above):
- Windows agent with Office package installed.
- Vulnerability detector database with hotfixes_applications and candidates WA for CVE-2024-21413.
- Start Syscollector sync.
- Several vulnerabilities are being detected (2394 initially) for all agents.
- KB5002467 was installed.
- Syscollector sync forced through an agent restart.
- 10 vulnerabilities related to Office have been fixed (2384 vulnerabilities left).
- Manager and agents stopped.
- Agent databases deleted, vulnerability detector index deleted, ossec.log cleared.
- Office package uninstalled.
- New Syscollector sync forced.
- No Office logs, no Office package in the agent database, but the same number of vulnerabilities indexed (2384).

> [!IMPORTANT]
> The tests related to this implementation were successful: after installing the KB, the specific CVE affected was solved. We can see here that under some uses the inventory is not cleaned properly, leading to vulnerabilities for non-installed packages being indexed.
Test - Install a KB for a vulnerable package 🟢
- Installed Office 2016
- Installed KB to fix

```
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '002_0011be200caf61ef8d0d0477e4e8f328c2c016ae_CVE-2024-21413'.
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '002_094055ceb0e2e63b0ecfcbb41a66541a1b1ca083_CVE-2024-21413'.
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '002_222ae3df7ad2779d4a42a9b02514089740cef63b_CVE-2024-21413'.
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '002_308b309694f41a18b3f99e1c8b05201eeafca00c_CVE-2024-21413'.
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '002_9a73b12da93578701cd1fab0b334407cf33d2dc0_CVE-2024-21413'.
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '002_9c5af1826923047935b52622447348b5b8160da4_CVE-2024-21413'.
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '002_aa43ca9f0c8b334c4f8270b0649dc05356bf9f7c_CVE-2024-21413'.
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '002_d9287b970add8f202e3f3e84012d6431ba79a471_CVE-2024-21413'.
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '002_e04aea6001b3db2555f84bae073b6e51a45636ff_CVE-2024-21413'.
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '002_efdf9aa5c8664cedd578be67fc58dd43119e2b30_CVE-2024-21413'.
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] eventSendReport.hpp:89 at handleRequest(): DEBUG: Vulnerability report for agent ID 002, hotfix: KB5002467, cve: CVE-2024-21413
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] resultIndexer.hpp:56 at operator()(): DEBUG: Processing and publish key: CVE-2024-21413
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] resultIndexer.hpp:56 at operator()(): DEBUG: Processing and publish key: CVE-2024-21413
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] resultIndexer.hpp:56 at operator()(): DEBUG: Processing and publish key: CVE-2024-21413
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] resultIndexer.hpp:56 at operator()(): DEBUG: Processing and publish key: CVE-2024-21413
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] resultIndexer.hpp:56 at operator()(): DEBUG: Processing and publish key: CVE-2024-21413
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] resultIndexer.hpp:56 at operator()(): DEBUG: Processing and publish key: CVE-2024-21413
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] resultIndexer.hpp:56 at operator()(): DEBUG: Processing and publish key: CVE-2024-21413
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] resultIndexer.hpp:56 at operator()(): DEBUG: Processing and publish key: CVE-2024-21413
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] resultIndexer.hpp:56 at operator()(): DEBUG: Processing and publish key: CVE-2024-21413
2024/05/09 17:36:00 wazuh-modulesd:vulnerability-scanner[245855] resultIndexer.hpp:56 at operator()(): DEBUG: Processing and publish key: CVE-2024-21413
```
Test - Install vulnerable package (KB already installed) 🟢
- Initial status
- Install Office 2016
- CVE-2024-21413 was not detected, as it was fixed with the KB
Please rebase this PR.
Testing 🟢
Environment
- Manager 4.8.0 on Ubuntu 22
- Agents:
  - Windows 10 x 2
  - Windows 11
  - Windows 8.1
  - Windows 7
  - Alpine
  - Debian12
  - Centos 8
  - Rocky 8
  - RedHat 7
  - AlmaLinux 9
  - Amazon 2023
  - Ubuntu 22
  - Ubuntu 20
  - SLE15
- Database provided from drive
Results (Brief)
- Some packages were not scanned, for example, manager and SLE15
- The Windows 10 agent has vulnerabilities of OS type along with packages like Edge; after updating with the last KBs no solved solution was found. Also, connecting a second agent doesn't show the expected logs.

```
2024/05/14 16:47:27 wazuh-modulesd:vulnerability-scanner[75886] hotfixInsert.hpp:67 at handleRequest(): DEBUG: Getting associated vulnerabilities for hotfix 'KB5033052'
2024/05/14 16:47:27 wazuh-modulesd:vulnerability-scanner[75886] hotfixInsert.hpp:73 at handleRequest(): DEBUG: No vulnerabilities associated to hotfix 'KB5033052'
```

- Only Windows 8.1 generates alerts
- Compared with the previous scan, the scan of Ubuntu packages was different (few vulnerabilities found)
- The amount of vulnerable packages in the first scan differs from the rescan (more in the re-scan)
- The solved solution of the KB5002467 was successful:

```
2024/05/14 19:50:37 wazuh-modulesd:vulnerability-scanner[78965] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '005_0011be200caf61ef8d0d0477e4e8f328c2c016ae_CVE-2024-21413'.
2024/05/14 19:50:37 wazuh-modulesd:vulnerability-scanner[78965] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '005_20d84ac0698c632ad6261d2fbfbc2fe6987973e9_CVE-2024-21413'.
2024/05/14 19:50:37 wazuh-modulesd:vulnerability-scanner[78965] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '005_7de2de8f7bbee9aa022e720ccbb3054c636b655b_CVE-2024-21413'.
2024/05/14 19:50:37 wazuh-modulesd:vulnerability-scanner[78965] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '005_aa43ca9f0c8b334c4f8270b0649dc05356bf9f7c_CVE-2024-21413'.
2024/05/14 19:50:37 wazuh-modulesd:vulnerability-scanner[78965] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '005_ac6890559fff37c742b7dd21a44d7f6d174636f5_CVE-2024-21413'.
2024/05/14 19:50:37 wazuh-modulesd:vulnerability-scanner[78965] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '005_b29db3634cba4e2496d284f8bb161044c9ad447a_CVE-2024-21413'.
2024/05/14 19:50:37 wazuh-modulesd:vulnerability-scanner[78965] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '005_d40571a413aedb50fb002cb2b77ab87a4544a463_CVE-2024-21413'.
2024/05/14 19:50:37 wazuh-modulesd:vulnerability-scanner[78965] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '005_d9287b970add8f202e3f3e84012d6431ba79a471_CVE-2024-21413'.
2024/05/14 19:50:37 wazuh-modulesd:vulnerability-scanner[78965] cveSolvedInventorySync.hpp:72 at operator()(): DEBUG: CVE 'CVE-2024-21413' was remediated by hotfix 'KB5002467' for '005_df2936f029841f7e8131bda0f40e5d1abfbeb145_CVE-2024-21413'.
```

Log attached

> [!NOTE]
> Remove the zip extension

> [!NOTE]
> Comments are not related to this PR.
Update
The QA tests for the vulnerability scanner fail because the content has changed and it still hasn't been published. The tests pass in a local environment.