Test Report

Tests	Failed	Success	XFail	Error
test_vulnerability_detector/test_vulnerability_detector.py	2	3	0	0

Result	Time	Test	Description	Duration	Markers	Tier
Failed	test_vulnerability_detector/test_vulnerability_detector.py::TestInitialScans::test_syscollector_first_scan_index	description: Validates that the Vulnerability Detector detects vulnerabilities within the environment in the. first scan in the index.	813.59	filterwarnings	Test arguments test_syscollector_first_scan_index.log agent1_ossec.log agent3_ossec.log agents_not_detected_index_vulnerabilities.log manager1_ossec.log agent4_ossec.log vulnerabilities_index_first_scan.log agent2_ossec.log manager2_ossec.log
Test function details Extended Summary This test ensures that the Vulnerability Detector accurately detects vulnerabilities within the environment in the index. It is assumed that provided hosts will have at least one vulnerability. tier: 0 parameters: - request: pytest request object - host_manager: type: fixture brief: Get the host manager of the environment - setup_vulnerability_tests: type: fixture brief: Setup the environment to proceed with the testing - get_results: fixture to get the results of global class tests assertions: - Verify that all agents has been scanned - Verify that all agents has generated vulnerabilities in the index cases: None tags: - syscollector - vulnerability_detector Parameters self = <test_vulnerability_detector.TestInitialScans object at 0x7f538a018c50> request = <FixtureRequest for <Function test_syscollector_first_scan_index>> host_manager = <wazuh_testing.tools.system.HostManager object at 0x7f538b85fed0> setup_vulnerability_tests = '2024-03-27T14:59:48Z' get_results = {'test_syscollector_first_scan': {'checks': {'all_successfull': True}, 'evidences': {'agents_not_scanned_first_scan': ... compiled objects', 'installed': '2022-11-11T21:52:50.000Z', 'name': 'elfutils-libs', ...}, ...}}, ...], 'agent4': []}} def test_syscollector_first_scan_index(self, request, host_manager, setup_vulnerability_tests, get_results): """ description: Validates that the Vulnerability Detector detects vulnerabilities within the environment in the first scan in the index. This test ensures that the Vulnerability Detector accurately detects vulnerabilities within the environment in the index. It is assumed that provided hosts will have at least one vulnerability. tier: 0 parameters: - request: pytest request object - host_manager: type: fixture brief: Get the host manager of the environment - setup_vulnerability_tests: type: fixture brief: Setup the environment to proceed with the testing - get_results: fixture to get the results of global class tests assertions: - Verify that all agents has been scanned - Verify that all agents has generated vulnerabilities in the index cases: None tags: - syscollector - vulnerability_detector """ results = get_results test_name = request.node.name test_result = { 'checks': { 'all_successfull': True, }, 'evidences': { 'agents_not_detected_index_vulnerabilities': [], 'vulnerabilities_index_first_scan': [] } } # Filter agents that has not been scanned agents_to_check = [agent for agent in host_manager.get_group_hosts('agent') if agent not in results['test_syscollector_first_scan']['evidences']['agents_not_scanned_first_scan']] if len(agents_to_check) == 0: pytest.skip("Syscollector scan not started in any agent. Skipping test") # Check vulnerabilities in the index logger.critical("Checking vulnerabilities in the index") vuln_by_agent_index = {} time.sleep(TIMEOUT_PER_AGENT_VULNERABILITY_SCAN * len(agents_to_check)) for agent in agents_to_check: agent_all_vulnerabilities = get_indexer_values(host_manager, greater_than_timestamp=setup_vulnerability_tests, agent=agent, index='wazuh-states-vulnerabilities',)['hits']['hits'] vuln_by_agent_index[agent] = agent_all_vulnerabilities test_result['evidences']['vulnerabilities_index_first_scan'] = vuln_by_agent_index logger.critical("Checking that all agents has been scanned and generated vulnerabilities in the index") for agent in agents_to_check: if agent not in list(vuln_by_agent_index.keys()) or \ len(vuln_by_agent_index[agent]) == 0: logger.critical(f"Agent {agent} has not been scanned. Continuing with remaining agents") test_result['checks']['all_successfull'] = False test_result['evidences']['agents_not_detected_index_vulnerabilities'].append(agent) results[test_name] = test_result # Store full alert index list in global results. It is needed for the next test results['vulnerabilities_index_first_scan'] = vuln_by_agent_index if not test_result['checks']['all_successfull']: logging_message = 'Some agents has not been scanned and generated vulnerabilities in the index:' \ f"{test_result['evidences']['agents_not_detected_index_vulnerabilities']}." logger.critical(logging_message) > pytest.fail(logging_message) E Failed: Some agents has not been scanned and generated vulnerabilities in the index:['agent4']. end_to_end/test_vulnerability_detector/test_vulnerability_detector.py:337: Failed -------------------------------Captured log call-------------------------------- CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:307 Checking vulnerabilities in the index CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:319 Checking that all agents has been scanned and generated vulnerabilities in the index CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:324 Agent agent4 has not been scanned. Continuing with remaining agents CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:336 Some agents has not been scanned and generated vulnerabilities in the index:['agent4'].
Failed	test_vulnerability_detector/test_vulnerability_detector.py::TestInitialScans::tests_syscollector_first_second_scan_consistency_index	description: Ensure the consistency of the agent's vulnerabilities between the first and second scans in index.	17.64	filterwarnings	Test arguments agent1_ossec.log vulnerabilities_not_found_in_first_scan.log agent3_ossec.log manager1_ossec.log agent4_ossec.log vulnerabilities_index_second_scan.log tests_syscollector_first_second_scan_consistency_index.log vulnerabilities_index_first_scan.log agent2_ossec.log manager2_ossec.log
Test function details Extended Summary This test ensure that alerts in the first scan are consistent with the alerts in the second scan in the index. tier: 0 parameters: - request: pytest request object - host_manager: type: fixture brief: Get the host manager of the environment - setup_vulnerability_tests: type: fixture brief: Setup the environment to proceed with the testing - get_results: fixture to get the results of global class tests assertions: - Verify that the number of vulnerabilities is the same between scans cases: None tags: - syscollector - vulnerability_detector Parameters self = <test_vulnerability_detector.TestInitialScans object at 0x7f538a019b90> request = <FixtureRequest for <Function tests_syscollector_first_second_scan_consistency_index>> host_manager = <wazuh_testing.tools.system.HostManager object at 0x7f538b85fed0> setup_vulnerability_tests = '2024-03-27T14:59:48Z' get_results = {'test_syscollector_first_scan': {'checks': {'all_successfull': True}, 'evidences': {'agents_not_scanned_first_scan': ...54', '_index': 'wazuh-states-vulnerabilities', '_score': 2.0389102, '_source': {...}}, ...], 'agent4': []}, ...}}, ...} def tests_syscollector_first_second_scan_consistency_index(self, request, host_manager, setup_vulnerability_tests, get_results): """ description: Ensure the consistency of the agent's vulnerabilities between the first and second scans in index. This test ensure that alerts in the first scan are consistent with the alerts in the second scan in the index. tier: 0 parameters: - request: pytest request object - host_manager: type: fixture brief: Get the host manager of the environment - setup_vulnerability_tests: type: fixture brief: Setup the environment to proceed with the testing - get_results: fixture to get the results of global class tests assertions: - Verify that the number of vulnerabilities is the same between scans cases: None tags: - syscollector - vulnerability_detector """ results = get_results test_name = request.node.name test_result = { 'checks': { 'all_successfull': True, }, 'evidences': { 'vulnerabilities_index_first_scan': results['vulnerabilities_index_first_scan'], 'vulnerabilities_index_second_scan': [], 'vulnerabilities_not_found_in_second_scan': [], 'vulnerabilities_not_found_in_first_scan': [], 'agent_not_found_in_first_scan': [], 'agent_not_found_in_second_scan': [] } } logger.critical("Checking vulnerabilities in the second scan") vuln_by_agent_index_second_scan = {} for agent in host_manager.get_group_hosts('agent'): agent_all_vulnerabilities = get_indexer_values(host_manager, greater_than_timestamp=setup_vulnerability_tests, index='wazuh-states-vulnerabilities', agent=agent)['hits']['hits'] # Only is expected alert of affected vulnerabilities vuln_by_agent_index_second_scan[agent] = agent_all_vulnerabilities test_result['evidences']['vulnerabilities_index_second_scan'] = vuln_by_agent_index_second_scan # Calculate differences between first and second scan agent_not_found_in_first_scan = list(set(vuln_by_agent_index_second_scan.keys()) - set(results['vulnerabilities_index_first_scan'].keys())) agent_not_found_in_second_scan = list(set(results['vulnerabilities_index_first_scan'].keys()) - set(vuln_by_agent_index_second_scan.keys())) agent_found_in_all_scans = set(vuln_by_agent_index_second_scan.keys()) & set(results['vulnerabilities_index_first_scan'].keys()) vulnerabilities_not_found_in_first_scan = {} vulnerabilities_not_found_in_second_scan = {} for agent in agent_found_in_all_scans: vulnerabilities_second_scan = get_vulnerabilities_from_states(vuln_by_agent_index_second_scan[agent]) vulnerabilities_first_scan = get_vulnerabilities_from_states(results['vulnerabilities_index_first_scan'][agent]) # Calculate differences between first and second scan vulnerabilities_not_found_second_scan = list(set(vulnerabilities_first_scan) - set(vulnerabilities_second_scan)) vulnerabilities_not_found_first_scan = list(set(vulnerabilities_second_scan) - set(vulnerabilities_first_scan)) # Change to dict to be able to serialize vulnerabilities_not_found_first_scan = [vuln._asdict() for vuln in vulnerabilities_not_found_first_scan] vulnerabilities_not_found_second_scan = [vuln._asdict() for vuln in vulnerabilities_not_found_second_scan] if len(vulnerabilities_not_found_second_scan) > 0: vulnerabilities_not_found_in_second_scan[agent] = vulnerabilities_not_found_second_scan if len(vulnerabilities_not_found_first_scan) > 0: vulnerabilities_not_found_in_first_scan[agent] = vulnerabilities_not_found_first_scan # Check if agents are the same in both scans if len(agent_found_in_all_scans) != len(vuln_by_agent_index_second_scan) != len(results['vulnerabilities_index_first_scan']): test_result['checks']['all_successfull'] = False logging.critical("Inconsistencies found between first and second scan in the index. Different agents found") if len(agent_not_found_in_first_scan) > 0: logging.critical(f"Agents not found in first scan: {agent_not_found_in_first_scan}") test_result['evidences']['agent_not_found_in_first_scan'] = agent_not_found_in_first_scan if len(agent_not_found_in_second_scan) > 0: logging.critical(f"Agents not found in second scan: {agent_not_found_in_second_scan}") test_result['evidences']['agent_not_found_in_second_scan'] = agent_not_found_in_second_scan # Check if vulnerabilities are the same in both scans if vulnerabilities_not_found_in_first_scan or vulnerabilities_not_found_in_second_scan: test_result['checks']['all_successfull'] = False if vulnerabilities_not_found_in_first_scan: logging.critical(f"Vulnerabilities not found in first scan: {vulnerabilities_not_found_in_first_scan}") test_result['evidences']['vulnerabilities_not_found_in_first_scan'] = vulnerabilities_not_found_in_first_scan if vulnerabilities_not_found_in_second_scan: logging.critical(f"Vulnerabilities not found in second scan: {vulnerabilities_not_found_in_second_scan}") test_result['evidences']['vulnerabilities_not_found_in_second_scan'] = vulnerabilities_not_found_in_second_scan results[test_name] = test_result if not test_result['checks']['all_successfull']: logging_message = "Inconsistencies found between first and second scan in the index. Check evidences for more information" logger.critical(logging_message) > pytest.fail(logging_message) E Failed: Inconsistencies found between first and second scan in the index. Check evidences for more information end_to_end/test_vulnerability_detector/test_vulnerability_detector.py:528: Failed -------------------------------Captured log call-------------------------------- CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:462 Checking vulnerabilities in the second scan CRITICAL root:test_vulnerability_detector.py:516 Vulnerabilities not found in first scan: {'agent2': [{'cve': 'CVE-2023-30630', 'package_name': 'dmidecode', 'package_version': '3.3-3', 'type': None, 'architecture': None}, {'cve': 'CVE-2022-3287', 'package_name': 'fwupd', 'package_version': '1.7.5-3', 'type': None, 'architecture': None}]} CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:527 Inconsistencies found between first and second scan in the index. Check evidences for more information
Passed	test_vulnerability_detector/test_vulnerability_detector.py::TestInitialScans::test_syscollector_first_scan	description: Validates the initiation of Syscollector scans across all agents in the environment.	403.30	filterwarnings
-------------------------------Captured log setup------------------------------- ERROR test_vulnerability_detector:test_vulnerability_detector.py:120 Init setup of environment ERROR test_vulnerability_detector:test_vulnerability_detector.py:123 Getting backup of current configurations ERROR test_vulnerability_detector:test_vulnerability_detector.py:126 Configuring environment ERROR test_vulnerability_detector:test_vulnerability_detector.py:130 Truncate managers and agents logs ERROR test_vulnerability_detector:test_vulnerability_detector.py:134 Stopping agents ERROR test_vulnerability_detector:test_vulnerability_detector.py:136 Restarting managers ERROR test_vulnerability_detector:test_vulnerability_detector.py:139 Save the Wazuh indexer username and password into the Wazuh manager keystore ERROR test_vulnerability_detector:test_vulnerability_detector.py:142 Restarting managers ERROR test_vulnerability_detector:test_vulnerability_detector.py:151 Wait until Vulnerability Detector has update all the feeds ERROR test_vulnerability_detector:test_vulnerability_detector.py:155 Truncate managers and agents logs ERROR test_vulnerability_detector:test_vulnerability_detector.py:159 Removing agents -------------------------------Captured log call-------------------------------- CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:230 Monitoring syscollector first scan CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:239 Value of monitoring results is: {'agent4': {'not_found': [], 'found': ['2024/03/27 15:01:51']}, 'agent3': {'not_found': [], 'found': ['2024/03/27 15:01:38']}, 'agent2': {'not_found': [], 'found': ['2024/03/27 15:01:28']}, 'agent1': {'not_found': [], 'found': ['2024/03/27 15:01:17']}} CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:254 All agents has been scanned
Passed	test_vulnerability_detector/test_vulnerability_detector.py::TestInitialScans::test_syscollector_second_scan	description: Validates the initiation of the second Syscollector scans across all agents in the environment.	7.70	filterwarnings
-------------------------------Captured log call-------------------------------- CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:395 Value of monitoring results is: {'agent4': {'not_found': [], 'found': ['2024/03/27 15:01:51', '2024/03/27 15:04:36', '2024/03/27 15:06:39', '2024/03/27 15:08:42', '2024/03/27 15:10:45', '2024/03/27 15:12:48', '2024/03/27 15:14:51']}, 'agent3': {'not_found': [], 'found': ['2024/03/27 15:01:38', '2024/03/27 15:04:22', '2024/03/27 15:06:25', '2024/03/27 15:08:27', '2024/03/27 15:10:29', '2024/03/27 15:12:31', '2024/03/27 15:14:34', '2024/03/27 15:16:37']}, 'agent1': {'not_found': [], 'found': ['2024/03/27 15:01:17', '2024/03/27 15:04:02', '2024/03/27 15:06:05', '2024/03/27 15:08:07', '2024/03/27 15:10:10', '2024/03/27 15:12:12', '2024/03/27 15:14:15', '2024/03/27 15:16:18']}, 'agent2': {'not_found': [], 'found': ['2024/03/27 15:01:28', '2024/03/27 15:04:14', '2024/03/27 15:06:17', '2024/03/27 15:08:20', '2024/03/27 15:10:24', '2024/03/27 15:12:27', '2024/03/27 15:14:31', '2024/03/27 15:16:35']}} CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:397 Checking that all agents has been scanned CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:414 Syscollector scan started in all agents
Passed	test_vulnerability_detector/test_vulnerability_detector.py::TestScanSyscollectorCases::test_vulnerability_detector_scans_cases[upgrade_package_maintain_vulnerability]		363.57
-------------------------------Captured log setup------------------------------- ERROR root:remote_operations_handler.py:198 Error: Package for centos and arm64v8 not found ERROR root:remote_operations_handler.py:198 Error: Package for ubuntu and arm64v8 not found CRITICAL root:conftest.py:164 Test failed for host agent2. Check logs for more information CRITICAL root:conftest.py:165 Evidences: {'alerts_not_found': [{'CVE': 'CVE-2023-22028', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22026', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22015', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22007', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-21980', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-21977', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2022-21444', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2022-21417', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2021-22570', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2021-2356', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-15358', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14852', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14846', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14845', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14839', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14837', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14830', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}], 'states_not_found': [{'agent': 'agent2', 'cve': 'CVE-2023-22028', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22026', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22015', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22007', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-21980', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-21977', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2022-21444', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2022-21417', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2021-22570', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2021-2356', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-15358', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14852', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14846', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14845', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14839', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14837', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14830', 'package_name': 'mysql', 'package_version': '5.5.20'}], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': [], 'all_alerts_found': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_alerts_found_mitigated': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_states_found': {'agent1': [], 'agent2': [{'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28487', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in sudoreplay output.', 'enumeration': 'CVE', 'id': 'CVE-2023-28487', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28486', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in log messages.', 'enumeration': 'CVE', 'id': 'CVE-2023-28486', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2022-33070', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.', 'enumeration': 'CVE', 'id': 'CVE-2022-33070', 'reference': 'https://github.com/protobuf-c/protobuf-c/issues/506, https://github.com/protobuf-c/protobuf-c/pull/508, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFN2GHUEGTSHRD7J5PKQ5DRSJSEQ2IKN/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 4.3, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-27320', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13p2 has a double free in the per-command chroot feature.', 'enumeration': 'CVE', 'id': 'CVE-2023-27320', 'reference': 'https://www.openwall.com/lists/oss-security/2023/02/28/1, http://www.openwall.com/lists/oss-security/2023/03/01/8, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/, https://www.sudo.ws/releases/stable/#1.9.13p2, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230413-0009/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.2, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-22809', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR=\'vim -- /path/to/extra/file\' value.', 'enumeration': 'CVE', 'id': 'CVE-2023-22809', 'reference': 'http://www.openwall.com/lists/oss-security/2023/01/19/1, https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf, https://www.sudo.ws/security/advisories/sudoedit_any/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/, http://seclists.org/fulldisclosure/2023/Aug/21, https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html, https://security.gentoo.org/glsa/202305-12, https://security.netapp.com/advisory/ntap-20230127-0015/, https://support.apple.com/kb/HT213758, https://www.debian.org/security/2023/dsa-5321, http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html, http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html, http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.8, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_27d6f1422b18a7d11a1a56e2d0aeb85e74d085c3_CVE-2023-4016', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.088Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': '/proc file system utilities', 'name': 'procps', 'size': 1388, 'type': 'deb', 'version': '2:3.3.17-6ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.', 'enumeration': 'CVE', 'id': 'CVE-2023-4016', 'reference': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/, https://gitlab.com/procps-ng/procps', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 2.5, 'version': '3.1'}, 'severity': 'Low'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_241986638cf96bc4672f80578c0cf3a122e58c3f_CVE-2023-26112', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.865Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'configobj', 'path': '/usr/local/lib/python3.10/site-packages/configobj-5.0.6-py3.10.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '5.0.6'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.)\\).\r\rNote:* This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'enumeration': 'CVE', 'id': 'CVE-2023-26112', 'reference': 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494, https://github.com/DiffSK/configobj/issues/232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.9, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24268022b2ec27d13fefb813c03d5fbf78c0bca4_CVE-2022-36087', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.866Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'oauthlib', 'path': '/usr/local/lib/python3.10/site-packages/oauthlib-3.2.0.dist-info/METADATA', 'size': 0, 'type': 'pypi', 'version': '3.2.0'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.', 'enumeration': 'CVE', 'id': 'CVE-2022-36087', 'reference': 'https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7, https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py, https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/, https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd, https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.7, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_22f4885eff258e0b5d71d96086464c880c264eb0_CVE-2022-2806', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:32.594Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Set of tools to gather troubleshooting data from a system', 'name': 'sosreport', 'size': 2708, 'type': 'deb', 'version': '4.3-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev', 'enumeration': 'CVE', 'id': 'CVE-2022-2806', 'reference': 'https://github.com/sosreport/sos/pull/2947', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}], 'agent3': [], 'agent4': []}} CRITICAL root:conftest.py:164 Test failed for host agent1. Check logs for more information CRITICAL root:conftest.py:165 Evidences: {'alerts_not_found': [{'CVE': 'CVE-2023-21967', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21954', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21939', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21938', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21937', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21930', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-2405', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-1876', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-0462', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2012-5373', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2012-2739', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}], 'states_not_found': [{'agent': 'agent1', 'cve': 'CVE-2023-21967', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21954', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21939', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21938', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21937', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21930', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-2405', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-1876', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-0462', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2012-5373', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2012-2739', 'package_name': 'openjdk', 'package_version': '1.6.0'}], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': [], 'all_alerts_found': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_alerts_found_mitigated': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_states_found': {'agent1': [], 'agent2': [{'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28487', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in sudoreplay output.', 'enumeration': 'CVE', 'id': 'CVE-2023-28487', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28486', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in log messages.', 'enumeration': 'CVE', 'id': 'CVE-2023-28486', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2022-33070', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.', 'enumeration': 'CVE', 'id': 'CVE-2022-33070', 'reference': 'https://github.com/protobuf-c/protobuf-c/issues/506, https://github.com/protobuf-c/protobuf-c/pull/508, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFN2GHUEGTSHRD7J5PKQ5DRSJSEQ2IKN/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 4.3, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-27320', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13p2 has a double free in the per-command chroot feature.', 'enumeration': 'CVE', 'id': 'CVE-2023-27320', 'reference': 'https://www.openwall.com/lists/oss-security/2023/02/28/1, http://www.openwall.com/lists/oss-security/2023/03/01/8, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/, https://www.sudo.ws/releases/stable/#1.9.13p2, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230413-0009/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.2, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-22809', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR=\'vim -- /path/to/extra/file\' value.', 'enumeration': 'CVE', 'id': 'CVE-2023-22809', 'reference': 'http://www.openwall.com/lists/oss-security/2023/01/19/1, https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf, https://www.sudo.ws/security/advisories/sudoedit_any/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/, http://seclists.org/fulldisclosure/2023/Aug/21, https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html, https://security.gentoo.org/glsa/202305-12, https://security.netapp.com/advisory/ntap-20230127-0015/, https://support.apple.com/kb/HT213758, https://www.debian.org/security/2023/dsa-5321, http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html, http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html, http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.8, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_27d6f1422b18a7d11a1a56e2d0aeb85e74d085c3_CVE-2023-4016', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.088Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': '/proc file system utilities', 'name': 'procps', 'size': 1388, 'type': 'deb', 'version': '2:3.3.17-6ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.', 'enumeration': 'CVE', 'id': 'CVE-2023-4016', 'reference': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/, https://gitlab.com/procps-ng/procps', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 2.5, 'version': '3.1'}, 'severity': 'Low'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_241986638cf96bc4672f80578c0cf3a122e58c3f_CVE-2023-26112', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.865Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'configobj', 'path': '/usr/local/lib/python3.10/site-packages/configobj-5.0.6-py3.10.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '5.0.6'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.)\\).\r\rNote:* This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'enumeration': 'CVE', 'id': 'CVE-2023-26112', 'reference': 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494, https://github.com/DiffSK/configobj/issues/232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.9, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24268022b2ec27d13fefb813c03d5fbf78c0bca4_CVE-2022-36087', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.866Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'oauthlib', 'path': '/usr/local/lib/python3.10/site-packages/oauthlib-3.2.0.dist-info/METADATA', 'size': 0, 'type': 'pypi', 'version': '3.2.0'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.', 'enumeration': 'CVE', 'id': 'CVE-2022-36087', 'reference': 'https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7, https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py, https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/, https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd, https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.7, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_22f4885eff258e0b5d71d96086464c880c264eb0_CVE-2022-2806', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:32.594Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Set of tools to gather troubleshooting data from a system', 'name': 'sosreport', 'size': 2708, 'type': 'deb', 'version': '4.3-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev', 'enumeration': 'CVE', 'id': 'CVE-2022-2806', 'reference': 'https://github.com/sosreport/sos/pull/2947', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}], 'agent3': [], 'agent4': []}} -------------------------------Captured log call-------------------------------- CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:574 Setup test failed for hosts ['agent2', 'agent1']. Check logs for more information CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:575 Evidences: {'agent3': {'evidences': {'alerts_not_found': [], 'states_not_found': [], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': []}, 'checks': {'all_successfull': True}}, 'agent4': {'evidences': {'alerts_not_found': [], 'states_not_found': [], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': []}, 'checks': {'all_successfull': True}}, 'agent2': {'evidences': {'alerts_not_found': [{'CVE': 'CVE-2023-22028', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22026', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22015', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22007', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-21980', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-21977', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2022-21444', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2022-21417', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2021-22570', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2021-2356', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-15358', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14852', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14846', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14845', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14839', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14837', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14830', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}], 'states_not_found': [{'agent': 'agent2', 'cve': 'CVE-2023-22028', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22026', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22015', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22007', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-21980', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-21977', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2022-21444', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2022-21417', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2021-22570', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2021-2356', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-15358', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14852', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14846', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14845', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14839', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14837', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14830', 'package_name': 'mysql', 'package_version': '5.5.20'}], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': [], 'all_alerts_found': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_alerts_found_mitigated': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_states_found': {'agent1': [], 'agent2': [{'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28487', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in sudoreplay output.', 'enumeration': 'CVE', 'id': 'CVE-2023-28487', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28486', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in log messages.', 'enumeration': 'CVE', 'id': 'CVE-2023-28486', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2022-33070', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.', 'enumeration': 'CVE', 'id': 'CVE-2022-33070', 'reference': 'https://github.com/protobuf-c/protobuf-c/issues/506, https://github.com/protobuf-c/protobuf-c/pull/508, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFN2GHUEGTSHRD7J5PKQ5DRSJSEQ2IKN/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 4.3, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-27320', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13p2 has a double free in the per-command chroot feature.', 'enumeration': 'CVE', 'id': 'CVE-2023-27320', 'reference': 'https://www.openwall.com/lists/oss-security/2023/02/28/1, http://www.openwall.com/lists/oss-security/2023/03/01/8, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/, https://www.sudo.ws/releases/stable/#1.9.13p2, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230413-0009/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.2, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-22809', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR=\'vim -- /path/to/extra/file\' value.', 'enumeration': 'CVE', 'id': 'CVE-2023-22809', 'reference': 'http://www.openwall.com/lists/oss-security/2023/01/19/1, https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf, https://www.sudo.ws/security/advisories/sudoedit_any/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/, http://seclists.org/fulldisclosure/2023/Aug/21, https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html, https://security.gentoo.org/glsa/202305-12, https://security.netapp.com/advisory/ntap-20230127-0015/, https://support.apple.com/kb/HT213758, https://www.debian.org/security/2023/dsa-5321, http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html, http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html, http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.8, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_27d6f1422b18a7d11a1a56e2d0aeb85e74d085c3_CVE-2023-4016', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.088Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': '/proc file system utilities', 'name': 'procps', 'size': 1388, 'type': 'deb', 'version': '2:3.3.17-6ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.', 'enumeration': 'CVE', 'id': 'CVE-2023-4016', 'reference': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/, https://gitlab.com/procps-ng/procps', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 2.5, 'version': '3.1'}, 'severity': 'Low'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_241986638cf96bc4672f80578c0cf3a122e58c3f_CVE-2023-26112', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.865Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'configobj', 'path': '/usr/local/lib/python3.10/site-packages/configobj-5.0.6-py3.10.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '5.0.6'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.)\\).\r\rNote:* This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'enumeration': 'CVE', 'id': 'CVE-2023-26112', 'reference': 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494, https://github.com/DiffSK/configobj/issues/232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.9, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24268022b2ec27d13fefb813c03d5fbf78c0bca4_CVE-2022-36087', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.866Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'oauthlib', 'path': '/usr/local/lib/python3.10/site-packages/oauthlib-3.2.0.dist-info/METADATA', 'size': 0, 'type': 'pypi', 'version': '3.2.0'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.', 'enumeration': 'CVE', 'id': 'CVE-2022-36087', 'reference': 'https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7, https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py, https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/, https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd, https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.7, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_22f4885eff258e0b5d71d96086464c880c264eb0_CVE-2022-2806', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:32.594Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Set of tools to gather troubleshooting data from a system', 'name': 'sosreport', 'size': 2708, 'type': 'deb', 'version': '4.3-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev', 'enumeration': 'CVE', 'id': 'CVE-2022-2806', 'reference': 'https://github.com/sosreport/sos/pull/2947', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}], 'agent3': [], 'agent4': []}}, 'checks': {'all_successfull': False}}, 'agent1': {'evidences': {'alerts_not_found': [{'CVE': 'CVE-2023-21967', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21954', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21939', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21938', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21937', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21930', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-2405', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-1876', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-0462', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2012-5373', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2012-2739', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}], 'states_not_found': [{'agent': 'agent1', 'cve': 'CVE-2023-21967', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21954', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21939', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21938', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21937', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21930', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-2405', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-1876', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-0462', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2012-5373', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2012-2739', 'package_name': 'openjdk', 'package_version': '1.6.0'}], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': [], 'all_alerts_found': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_alerts_found_mitigated': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_states_found': {'agent1': [], 'agent2': [{'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28487', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in sudoreplay output.', 'enumeration': 'CVE', 'id': 'CVE-2023-28487', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28486', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in log messages.', 'enumeration': 'CVE', 'id': 'CVE-2023-28486', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2022-33070', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.', 'enumeration': 'CVE', 'id': 'CVE-2022-33070', 'reference': 'https://github.com/protobuf-c/protobuf-c/issues/506, https://github.com/protobuf-c/protobuf-c/pull/508, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFN2GHUEGTSHRD7J5PKQ5DRSJSEQ2IKN/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 4.3, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-27320', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13p2 has a double free in the per-command chroot feature.', 'enumeration': 'CVE', 'id': 'CVE-2023-27320', 'reference': 'https://www.openwall.com/lists/oss-security/2023/02/28/1, http://www.openwall.com/lists/oss-security/2023/03/01/8, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/, https://www.sudo.ws/releases/stable/#1.9.13p2, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230413-0009/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.2, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-22809', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR=\'vim -- /path/to/extra/file\' value.', 'enumeration': 'CVE', 'id': 'CVE-2023-22809', 'reference': 'http://www.openwall.com/lists/oss-security/2023/01/19/1, https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf, https://www.sudo.ws/security/advisories/sudoedit_any/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/, http://seclists.org/fulldisclosure/2023/Aug/21, https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html, https://security.gentoo.org/glsa/202305-12, https://security.netapp.com/advisory/ntap-20230127-0015/, https://support.apple.com/kb/HT213758, https://www.debian.org/security/2023/dsa-5321, http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html, http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html, http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.8, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_27d6f1422b18a7d11a1a56e2d0aeb85e74d085c3_CVE-2023-4016', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.088Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': '/proc file system utilities', 'name': 'procps', 'size': 1388, 'type': 'deb', 'version': '2:3.3.17-6ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.', 'enumeration': 'CVE', 'id': 'CVE-2023-4016', 'reference': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/, https://gitlab.com/procps-ng/procps', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 2.5, 'version': '3.1'}, 'severity': 'Low'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_241986638cf96bc4672f80578c0cf3a122e58c3f_CVE-2023-26112', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.865Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'configobj', 'path': '/usr/local/lib/python3.10/site-packages/configobj-5.0.6-py3.10.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '5.0.6'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.)\\).\r\rNote:* This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'enumeration': 'CVE', 'id': 'CVE-2023-26112', 'reference': 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494, https://github.com/DiffSK/configobj/issues/232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.9, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24268022b2ec27d13fefb813c03d5fbf78c0bca4_CVE-2022-36087', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.866Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'oauthlib', 'path': '/usr/local/lib/python3.10/site-packages/oauthlib-3.2.0.dist-info/METADATA', 'size': 0, 'type': 'pypi', 'version': '3.2.0'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.', 'enumeration': 'CVE', 'id': 'CVE-2022-36087', 'reference': 'https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7, https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py, https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/, https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd, https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.7, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_22f4885eff258e0b5d71d96086464c880c264eb0_CVE-2022-2806', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:32.594Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Set of tools to gather troubleshooting data from a system', 'name': 'sosreport', 'size': 2708, 'type': 'deb', 'version': '4.3-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev', 'enumeration': 'CVE', 'id': 'CVE-2022-2806', 'reference': 'https://github.com/sosreport/sos/pull/2947', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}], 'agent3': [], 'agent4': []}}, 'checks': {'all_successfull': False}}} CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:576 Ignoring these hosts for the rest of the test CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:578 Starting scan cases tests CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:579 Case Info: {'tasks': [{'operation': 'update_package', 'target': 'agent', 'check': {'alerts': True, 'state_index': True}, 'package': {'from': {'centos': {'amd64': 'openjdk-1.6.0'}, 'ubuntu': {'amd64': 'mysql-5.5.20'}, 'windows': {'amd64': 'node-v17.0.1'}, 'macos': {'amd64': 'node-v17.0.1', 'arm64v8': 'node-v17.0.1'}}, 'to': {'centos': {'amd64': 'openjdk-1.7.0'}, 'ubuntu': {'amd64': 'mysql-5.5.21'}, 'windows': {'amd64': 'node-v17.1.0'}, 'macos': {'amd64': 'node-v17.1.0', 'arm64v8': 'node-v17.1.0'}}}}]} ERROR root:remote_operations_handler.py:333 Error: Package for centos and arm64v8 not found ERROR root:remote_operations_handler.py:333 Error: Package for ubuntu and arm64v8 not found ERROR root:remote_operations_handler.py:368 Error: Package for centos and arm64v8 not found ERROR root:remote_operations_handler.py:368 Error: Package for ubuntu and arm64v8 not found CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:604 Final Results -----------------------------Captured log teardown------------------------------ ERROR test_vulnerability_detector:test_vulnerability_detector.py:171 Truncate managers and agents logs ERROR test_vulnerability_detector:test_vulnerability_detector.py:174 Restoring original configuration ERROR test_vulnerability_detector:test_vulnerability_detector.py:177 Restarting environment

-------------------------------Captured log setup-------------------------------
ERROR root:remote_operations_handler.py:198 Error: Package for centos and arm64v8 not found ERROR root:remote_operations_handler.py:198 Error: Package for ubuntu and arm64v8 not found CRITICAL root:conftest.py:164 Test failed for host agent2. Check logs for more information CRITICAL root:conftest.py:165 Evidences: {'alerts_not_found': [{'CVE': 'CVE-2023-22028', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22026', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22015', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22007', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-21980', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-21977', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2022-21444', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2022-21417', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2021-22570', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2021-2356', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-15358', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14852', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14846', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14845', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14839', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14837', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14830', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}], 'states_not_found': [{'agent': 'agent2', 'cve': 'CVE-2023-22028', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22026', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22015', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22007', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-21980', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-21977', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2022-21444', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2022-21417', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2021-22570', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2021-2356', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-15358', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14852', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14846', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14845', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14839', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14837', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14830', 'package_name': 'mysql', 'package_version': '5.5.20'}], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': [], 'all_alerts_found': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_alerts_found_mitigated': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_states_found': {'agent1': [], 'agent2': [{'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28487', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in sudoreplay output.', 'enumeration': 'CVE', 'id': 'CVE-2023-28487', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28486', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in log messages.', 'enumeration': 'CVE', 'id': 'CVE-2023-28486', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2022-33070', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.', 'enumeration': 'CVE', 'id': 'CVE-2022-33070', 'reference': 'https://github.com/protobuf-c/protobuf-c/issues/506, https://github.com/protobuf-c/protobuf-c/pull/508, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFN2GHUEGTSHRD7J5PKQ5DRSJSEQ2IKN/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 4.3, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-27320', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13p2 has a double free in the per-command chroot feature.', 'enumeration': 'CVE', 'id': 'CVE-2023-27320', 'reference': 'https://www.openwall.com/lists/oss-security/2023/02/28/1, http://www.openwall.com/lists/oss-security/2023/03/01/8, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/, https://www.sudo.ws/releases/stable/#1.9.13p2, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230413-0009/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.2, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-22809', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR=\'vim -- /path/to/extra/file\' value.', 'enumeration': 'CVE', 'id': 'CVE-2023-22809', 'reference': 'http://www.openwall.com/lists/oss-security/2023/01/19/1, https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf, https://www.sudo.ws/security/advisories/sudoedit_any/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/, http://seclists.org/fulldisclosure/2023/Aug/21, https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html, https://security.gentoo.org/glsa/202305-12, https://security.netapp.com/advisory/ntap-20230127-0015/, https://support.apple.com/kb/HT213758, https://www.debian.org/security/2023/dsa-5321, http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html, http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html, http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.8, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_27d6f1422b18a7d11a1a56e2d0aeb85e74d085c3_CVE-2023-4016', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.088Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': '/proc file system utilities', 'name': 'procps', 'size': 1388, 'type': 'deb', 'version': '2:3.3.17-6ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.', 'enumeration': 'CVE', 'id': 'CVE-2023-4016', 'reference': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/, https://gitlab.com/procps-ng/procps', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 2.5, 'version': '3.1'}, 'severity': 'Low'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_241986638cf96bc4672f80578c0cf3a122e58c3f_CVE-2023-26112', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.865Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'configobj', 'path': '/usr/local/lib/python3.10/site-packages/configobj-5.0.6-py3.10.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '5.0.6'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\).\r\r**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'enumeration': 'CVE', 'id': 'CVE-2023-26112', 'reference': 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494, https://github.com/DiffSK/configobj/issues/232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.9, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24268022b2ec27d13fefb813c03d5fbf78c0bca4_CVE-2022-36087', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.866Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'oauthlib', 'path': '/usr/local/lib/python3.10/site-packages/oauthlib-3.2.0.dist-info/METADATA', 'size': 0, 'type': 'pypi', 'version': '3.2.0'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.', 'enumeration': 'CVE', 'id': 'CVE-2022-36087', 'reference': 'https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7, https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py, https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/, https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd, https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.7, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_22f4885eff258e0b5d71d96086464c880c264eb0_CVE-2022-2806', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:32.594Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Set of tools to gather troubleshooting data from a system', 'name': 'sosreport', 'size': 2708, 'type': 'deb', 'version': '4.3-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev', 'enumeration': 'CVE', 'id': 'CVE-2022-2806', 'reference': 'https://github.com/sosreport/sos/pull/2947', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}], 'agent3': [], 'agent4': []}} CRITICAL root:conftest.py:164 Test failed for host agent1. Check logs for more information CRITICAL root:conftest.py:165 Evidences: {'alerts_not_found': [{'CVE': 'CVE-2023-21967', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21954', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21939', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21938', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21937', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21930', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-2405', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-1876', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-0462', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2012-5373', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2012-2739', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}], 'states_not_found': [{'agent': 'agent1', 'cve': 'CVE-2023-21967', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21954', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21939', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21938', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21937', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21930', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-2405', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-1876', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-0462', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2012-5373', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2012-2739', 'package_name': 'openjdk', 'package_version': '1.6.0'}], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': [], 'all_alerts_found': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_alerts_found_mitigated': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_states_found': {'agent1': [], 'agent2': [{'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28487', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in sudoreplay output.', 'enumeration': 'CVE', 'id': 'CVE-2023-28487', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28486', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in log messages.', 'enumeration': 'CVE', 'id': 'CVE-2023-28486', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2022-33070', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.', 'enumeration': 'CVE', 'id': 'CVE-2022-33070', 'reference': 'https://github.com/protobuf-c/protobuf-c/issues/506, https://github.com/protobuf-c/protobuf-c/pull/508, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFN2GHUEGTSHRD7J5PKQ5DRSJSEQ2IKN/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 4.3, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-27320', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13p2 has a double free in the per-command chroot feature.', 'enumeration': 'CVE', 'id': 'CVE-2023-27320', 'reference': 'https://www.openwall.com/lists/oss-security/2023/02/28/1, http://www.openwall.com/lists/oss-security/2023/03/01/8, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/, https://www.sudo.ws/releases/stable/#1.9.13p2, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230413-0009/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.2, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-22809', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR=\'vim -- /path/to/extra/file\' value.', 'enumeration': 'CVE', 'id': 'CVE-2023-22809', 'reference': 'http://www.openwall.com/lists/oss-security/2023/01/19/1, https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf, https://www.sudo.ws/security/advisories/sudoedit_any/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/, http://seclists.org/fulldisclosure/2023/Aug/21, https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html, https://security.gentoo.org/glsa/202305-12, https://security.netapp.com/advisory/ntap-20230127-0015/, https://support.apple.com/kb/HT213758, https://www.debian.org/security/2023/dsa-5321, http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html, http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html, http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.8, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_27d6f1422b18a7d11a1a56e2d0aeb85e74d085c3_CVE-2023-4016', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.088Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': '/proc file system utilities', 'name': 'procps', 'size': 1388, 'type': 'deb', 'version': '2:3.3.17-6ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.', 'enumeration': 'CVE', 'id': 'CVE-2023-4016', 'reference': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/, https://gitlab.com/procps-ng/procps', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 2.5, 'version': '3.1'}, 'severity': 'Low'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_241986638cf96bc4672f80578c0cf3a122e58c3f_CVE-2023-26112', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.865Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'configobj', 'path': '/usr/local/lib/python3.10/site-packages/configobj-5.0.6-py3.10.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '5.0.6'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\).\r\r**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'enumeration': 'CVE', 'id': 'CVE-2023-26112', 'reference': 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494, https://github.com/DiffSK/configobj/issues/232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.9, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24268022b2ec27d13fefb813c03d5fbf78c0bca4_CVE-2022-36087', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.866Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'oauthlib', 'path': '/usr/local/lib/python3.10/site-packages/oauthlib-3.2.0.dist-info/METADATA', 'size': 0, 'type': 'pypi', 'version': '3.2.0'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.', 'enumeration': 'CVE', 'id': 'CVE-2022-36087', 'reference': 'https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7, https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py, https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/, https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd, https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.7, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_22f4885eff258e0b5d71d96086464c880c264eb0_CVE-2022-2806', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:32.594Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Set of tools to gather troubleshooting data from a system', 'name': 'sosreport', 'size': 2708, 'type': 'deb', 'version': '4.3-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev', 'enumeration': 'CVE', 'id': 'CVE-2022-2806', 'reference': 'https://github.com/sosreport/sos/pull/2947', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}], 'agent3': [], 'agent4': []}}
-------------------------------Captured log call--------------------------------
CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:574 Setup test failed for hosts ['agent2', 'agent1']. Check logs for more information CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:575 Evidences: {'agent3': {'evidences': {'alerts_not_found': [], 'states_not_found': [], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': []}, 'checks': {'all_successfull': True}}, 'agent4': {'evidences': {'alerts_not_found': [], 'states_not_found': [], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': []}, 'checks': {'all_successfull': True}}, 'agent2': {'evidences': {'alerts_not_found': [{'CVE': 'CVE-2023-22028', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22026', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22015', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-22007', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-21980', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2023-21977', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2022-21444', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2022-21417', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2021-22570', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2021-2356', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-15358', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14852', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14846', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14845', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14839', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14837', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}, {'CVE': 'CVE-2020-14830', 'PACKAGE_NAME': 'mysql', 'PACKAGE_VERSION': '5.5.20'}], 'states_not_found': [{'agent': 'agent2', 'cve': 'CVE-2023-22028', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22026', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22015', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-22007', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-21980', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2023-21977', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2022-21444', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2022-21417', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2021-22570', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2021-2356', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-15358', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14852', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14846', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14845', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14839', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14837', 'package_name': 'mysql', 'package_version': '5.5.20'}, {'agent': 'agent2', 'cve': 'CVE-2020-14830', 'package_name': 'mysql', 'package_version': '5.5.20'}], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': [], 'all_alerts_found': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_alerts_found_mitigated': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_states_found': {'agent1': [], 'agent2': [{'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28487', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in sudoreplay output.', 'enumeration': 'CVE', 'id': 'CVE-2023-28487', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28486', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in log messages.', 'enumeration': 'CVE', 'id': 'CVE-2023-28486', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2022-33070', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.', 'enumeration': 'CVE', 'id': 'CVE-2022-33070', 'reference': 'https://github.com/protobuf-c/protobuf-c/issues/506, https://github.com/protobuf-c/protobuf-c/pull/508, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFN2GHUEGTSHRD7J5PKQ5DRSJSEQ2IKN/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 4.3, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-27320', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13p2 has a double free in the per-command chroot feature.', 'enumeration': 'CVE', 'id': 'CVE-2023-27320', 'reference': 'https://www.openwall.com/lists/oss-security/2023/02/28/1, http://www.openwall.com/lists/oss-security/2023/03/01/8, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/, https://www.sudo.ws/releases/stable/#1.9.13p2, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230413-0009/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.2, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-22809', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR=\'vim -- /path/to/extra/file\' value.', 'enumeration': 'CVE', 'id': 'CVE-2023-22809', 'reference': 'http://www.openwall.com/lists/oss-security/2023/01/19/1, https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf, https://www.sudo.ws/security/advisories/sudoedit_any/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/, http://seclists.org/fulldisclosure/2023/Aug/21, https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html, https://security.gentoo.org/glsa/202305-12, https://security.netapp.com/advisory/ntap-20230127-0015/, https://support.apple.com/kb/HT213758, https://www.debian.org/security/2023/dsa-5321, http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html, http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html, http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.8, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_27d6f1422b18a7d11a1a56e2d0aeb85e74d085c3_CVE-2023-4016', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.088Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': '/proc file system utilities', 'name': 'procps', 'size': 1388, 'type': 'deb', 'version': '2:3.3.17-6ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.', 'enumeration': 'CVE', 'id': 'CVE-2023-4016', 'reference': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/, https://gitlab.com/procps-ng/procps', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 2.5, 'version': '3.1'}, 'severity': 'Low'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_241986638cf96bc4672f80578c0cf3a122e58c3f_CVE-2023-26112', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.865Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'configobj', 'path': '/usr/local/lib/python3.10/site-packages/configobj-5.0.6-py3.10.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '5.0.6'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\).\r\r**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'enumeration': 'CVE', 'id': 'CVE-2023-26112', 'reference': 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494, https://github.com/DiffSK/configobj/issues/232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.9, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24268022b2ec27d13fefb813c03d5fbf78c0bca4_CVE-2022-36087', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.866Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'oauthlib', 'path': '/usr/local/lib/python3.10/site-packages/oauthlib-3.2.0.dist-info/METADATA', 'size': 0, 'type': 'pypi', 'version': '3.2.0'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.', 'enumeration': 'CVE', 'id': 'CVE-2022-36087', 'reference': 'https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7, https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py, https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/, https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd, https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.7, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_22f4885eff258e0b5d71d96086464c880c264eb0_CVE-2022-2806', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:32.594Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Set of tools to gather troubleshooting data from a system', 'name': 'sosreport', 'size': 2708, 'type': 'deb', 'version': '4.3-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev', 'enumeration': 'CVE', 'id': 'CVE-2022-2806', 'reference': 'https://github.com/sosreport/sos/pull/2947', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}], 'agent3': [], 'agent4': []}}, 'checks': {'all_successfull': False}}, 'agent1': {'evidences': {'alerts_not_found': [{'CVE': 'CVE-2023-21967', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21954', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21939', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21938', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21937', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2023-21930', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-2405', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-1876', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2014-0462', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2012-5373', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}, {'CVE': 'CVE-2012-2739', 'PACKAGE_NAME': 'openjdk', 'PACKAGE_VERSION': '1.6.0'}], 'states_not_found': [{'agent': 'agent1', 'cve': 'CVE-2023-21967', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21954', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21939', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21938', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21937', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2023-21930', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-2405', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-1876', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2014-0462', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2012-5373', 'package_name': 'openjdk', 'package_version': '1.6.0'}, {'agent': 'agent1', 'cve': 'CVE-2012-2739', 'package_name': 'openjdk', 'package_version': '1.6.0'}], 'alerts_found': [], 'states_found': [], 'alerts_found_unexpected': [], 'states_found_unexpected': [], 'all_alerts_found': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_alerts_found_mitigated': {'agent1': [], 'agent2': [], 'agent3': [], 'agent4': []}, 'all_states_found': {'agent1': [], 'agent2': [{'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28487', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in sudoreplay output.', 'enumeration': 'CVE', 'id': 'CVE-2023-28487', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-28486', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.083Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13 does not escape control characters in log messages.', 'enumeration': 'CVE', 'id': 'CVE-2023-28486', 'reference': 'https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca, https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230420-0002/, https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.3, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2022-33070', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.', 'enumeration': 'CVE', 'id': 'CVE-2022-33070', 'reference': 'https://github.com/protobuf-c/protobuf-c/issues/506, https://github.com/protobuf-c/protobuf-c/pull/508, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFN2GHUEGTSHRD7J5PKQ5DRSJSEQ2IKN/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 4.3, 'version': '2.0'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-27320', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Sudo before 1.9.13p2 has a double free in the per-command chroot feature.', 'enumeration': 'CVE', 'id': 'CVE-2023-27320', 'reference': 'https://www.openwall.com/lists/oss-security/2023/02/28/1, http://www.openwall.com/lists/oss-security/2023/03/01/8, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/, https://www.sudo.ws/releases/stable/#1.9.13p2, https://security.gentoo.org/glsa/202309-12, https://security.netapp.com/advisory/ntap-20230413-0009/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.2, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24b9d92bdaeabe58dce181482977548fd99f3d8c_CVE-2023-22809', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.084Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Provide limited super user privileges to specific users', 'name': 'sudo', 'size': 2504, 'type': 'deb', 'version': '1.9.9-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR=\'vim -- /path/to/extra/file\' value.', 'enumeration': 'CVE', 'id': 'CVE-2023-22809', 'reference': 'http://www.openwall.com/lists/oss-security/2023/01/19/1, https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf, https://www.sudo.ws/security/advisories/sudoedit_any/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/, https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/, http://seclists.org/fulldisclosure/2023/Aug/21, https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html, https://security.gentoo.org/glsa/202305-12, https://security.netapp.com/advisory/ntap-20230127-0015/, https://support.apple.com/kb/HT213758, https://www.debian.org/security/2023/dsa-5321, http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html, http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html, http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 7.8, 'version': '3.1'}, 'severity': 'High'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_27d6f1422b18a7d11a1a56e2d0aeb85e74d085c3_CVE-2023-4016', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:19:41.088Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': '/proc file system utilities', 'name': 'procps', 'size': 1388, 'type': 'deb', 'version': '2:3.3.17-6ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.', 'enumeration': 'CVE', 'id': 'CVE-2023-4016', 'reference': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/, https://gitlab.com/procps-ng/procps', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 2.5, 'version': '3.1'}, 'severity': 'Low'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_241986638cf96bc4672f80578c0cf3a122e58c3f_CVE-2023-26112', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.865Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'configobj', 'path': '/usr/local/lib/python3.10/site-packages/configobj-5.0.6-py3.10.egg-info/PKG-INFO', 'size': 0, 'type': 'pypi', 'version': '5.0.6'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\).\r\r**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'enumeration': 'CVE', 'id': 'CVE-2023-26112', 'reference': 'https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494, https://github.com/DiffSK/configobj/issues/232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.9, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_24268022b2ec27d13fefb813c03d5fbf78c0bca4_CVE-2022-36087', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:56.866Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'name': 'oauthlib', 'path': '/usr/local/lib/python3.10/site-packages/oauthlib-3.2.0.dist-info/METADATA', 'size': 0, 'type': 'pypi', 'version': '3.2.0'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.', 'enumeration': 'CVE', 'id': 'CVE-2022-36087', 'reference': 'https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7, https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py, https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/, https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd, https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.7, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}, {'_index': 'wazuh-states-vulnerabilities', '_id': 'manager2_014_22f4885eff258e0b5d71d96086464c880c264eb0_CVE-2022-2806', '_score': 4.0661054, '_source': {'@timestamp': '2024-03-27T15:18:32.594Z', 'agent': {'ephemeral_id': 'manager2', 'id': '014', 'name': 'agent2', 'type': 'wazuh', 'version': 'v4.8.0'}, 'host': {'os': {'full': 'Ubuntu 22.04 LTS (Jammy Jellyfish)', 'kernel': '5.15.0-1015-aws', 'name': 'Ubuntu', 'platform': 'ubuntu', 'type': 'ubuntu', 'version': '22.04'}}, 'package': {'architecture': 'amd64', 'description': 'Set of tools to gather troubleshooting data from a system', 'name': 'sosreport', 'size': 2708, 'type': 'deb', 'version': '4.3-1ubuntu2'}, 'vulnerability': {'category': 'Packages', 'classification': 'CVSS', 'description': 'It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev', 'enumeration': 'CVE', 'id': 'CVE-2022-2806', 'reference': 'https://github.com/sosreport/sos/pull/2947', 'scanner': {'vendor': 'Wazuh'}, 'score': {'base': 5.5, 'version': '3.1'}, 'severity': 'Medium'}, 'wazuh': {'cluster': {'name': 'wazuh'}, 'manager': {'name': 'ip-172-31-9-169'}, 'schema': {'version': '1.0.0'}}}}], 'agent3': [], 'agent4': []}}, 'checks': {'all_successfull': False}}} CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:576 Ignoring these hosts for the rest of the test CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:578 Starting scan cases tests CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:579 Case Info: {'tasks': [{'operation': 'update_package', 'target': 'agent', 'check': {'alerts': True, 'state_index': True}, 'package': {'from': {'centos': {'amd64': 'openjdk-1.6.0'}, 'ubuntu': {'amd64': 'mysql-5.5.20'}, 'windows': {'amd64': 'node-v17.0.1'}, 'macos': {'amd64': 'node-v17.0.1', 'arm64v8': 'node-v17.0.1'}}, 'to': {'centos': {'amd64': 'openjdk-1.7.0'}, 'ubuntu': {'amd64': 'mysql-5.5.21'}, 'windows': {'amd64': 'node-v17.1.0'}, 'macos': {'amd64': 'node-v17.1.0', 'arm64v8': 'node-v17.1.0'}}}}]} ERROR root:remote_operations_handler.py:333 Error: Package for centos and arm64v8 not found ERROR root:remote_operations_handler.py:333 Error: Package for ubuntu and arm64v8 not found ERROR root:remote_operations_handler.py:368 Error: Package for centos and arm64v8 not found ERROR root:remote_operations_handler.py:368 Error: Package for ubuntu and arm64v8 not found CRITICAL test_vulnerability_detector:test_vulnerability_detector.py:604 Final Results
-----------------------------Captured log teardown------------------------------
ERROR test_vulnerability_detector:test_vulnerability_detector.py:171 Truncate managers and agents logs ERROR test_vulnerability_detector:test_vulnerability_detector.py:174 Restoring original configuration ERROR test_vulnerability_detector:test_vulnerability_detector.py:177 Restarting environment

report.html

Summary

Results

Test function details

Extended Summary

Parameters

Test function details

Extended Summary

Parameters