Grafana package used for upgrade_package_nonvulnerable_to_vulnerable case is vulnerable #5715

Closed
3 tasks done
Rebits opened this issue Sep 4, 2024 · 3 comments · Fixed by #5719

Rebits commented Sep 4, 2024

Description

In the Release 4.9.0 - RC 2 - Vulnerability Detection E2E tests, it was identified that the Grafana package used in the upgrade_package_nonvulnerable_to_vulnerable test case is vulnerable to CVE-2022-23498. To address this, the package should be replaced with one that is not affected by any known vulnerabilities.

Tasks

  • Replace the upgrade_package_nonvulnerable_to_vulnerable test case package with another one with no vulnerabilities for Linux-based agents
  • Upload new packages to internal bucket

Validation

Rebits commented Sep 4, 2024

I suggest using grafana-9.3.16 as non-vulnerable and grafana-9.4.1 as vulnerable, although it should be reviewed if these packages are adequate.

@rafabailon

Update

I have added the Grafana packages and modified the Test to use them. I need to add the URL to the packages so they can be used.

I am moving the issue to On Hold until the packages are uploaded to the bucket.

@wazuhci wazuhci moved this from In progress to On hold in Release 4.9.1 Sep 5, 2024
@Rebits Rebits self-assigned this Sep 16, 2024
@wazuhci wazuhci moved this from On hold to In progress in Release 4.9.1 Sep 16, 2024
@wazuhci wazuhci moved this from In progress to Pending review in Release 4.9.1 Sep 16, 2024
@wazuhci wazuhci moved this from Pending review to In progress in Release 4.9.1 Sep 16, 2024
@wazuhci wazuhci moved this from In progress to In review in Release 4.9.1 Sep 16, 2024
@wazuhci wazuhci moved this from In review to On hold in Release 4.9.1 Sep 16, 2024
@Rebits Rebits moved this from On hold to Pending final review in Release 4.9.1 Sep 18, 2024
@wazuhci wazuhci moved this from Pending final review to Done in Release 4.9.1 Sep 18, 2024