starlingx/docs
Code Issues Proposed changes

Updated CVSS v3.x

Browse Source 
Updated patchset 5 comments
Indented Text only
Updated patchset 3 comments
Removed Partner information and only retained information specific to StarlingX
Change-Id: Ibc8da0d9772422ee09fb46759730ada2c1ac12b2
Signed-off-by: Juanita Balaraj <juanita.balaraj@windriver.com>
This commit is contained in:
Juanita Balaraj
2023-06-09 15:29:38 +00:00
parent 2a1837dbc7
commit 13a03e6cd2
2 changed files with 41 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
doc/source/_includes/cve-maintenance-0eaf7f8697bc.rest
View File

@@ -2,14 +2,3 @@
.. begin-CVE
.. end-CVE
.. CentOS-begin
.. CentOS-end
.. CVE-visibility-begin
.. CVE-visibility-end
.. Debian-begin
.. Debian-end
.. CVE-visibility-1-begin
.. CVE-visibility-1-end

52
doc/source/security/kubernetes/cve-maintenance-723cd9dd54b3.rst
View File

@@ -4,9 +4,6 @@
CVE Maintenance
===============
On a monthly basis, the master development branch of |prod| is scanned for
|CVE|'s and the reports that are generated are reviewed by the Security team.
.. only:: partner
.. include:: /_includes/cve-maintenance-0eaf7f8697bc.rest
@@ -15,27 +12,26 @@ On a monthly basis, the master development branch of |prod| is scanned for
.. only:: starlingx
For |CVE|'s which meet StarlingX's ``CVE Fix Criteria Policy`` as documented
below, fixes are provided for the |CVE| in the StarlingX master branch.
On a monthly basis, the master development branch of StarlingX is scanned
for CVEs using the third party tool ``Vulscan`` to provide an unbiased view
of vulnerabilities. The generated reports are reviewed by the Security team.
For |CVE|'s which meet StarlingX's CVE Fix Criteria Policy as documented
below, fixes are provided in the StarlingX master branch.
For Debian-based versions of |prod| |deb-release-ver|:
.. note::
.. only:: partner
There are no scans executed or |CVE| fixes implemeneted on the released
versions / branches on StarlingX.
.. include:: /_includes/cve-maintenance-0eaf7f8697bc.rest
:start-after: Debian-begin
:end-before: Debian-end
For the current Debian-based versions of StarlingX:
- The third party tool ``Vulscan`` is used to scan for |CVE|'s to provide an
unbiased view of vulnerabilities
- |CVSS| v3 base scores and base metrics are used in the |CVE| fix criteria
- |CVSS| v3.x base scores and base metrics are used in the |CVE| fix criteria
- The |CVE| ``Fix Criteria Policy`` is:
- Main Fix Criteria
- |CVSS| v3 Base score >= 7.0
- |CVSS| v3.x Base score >= 7.0
- Base Metrics has the following:
- Attack Vector: Network
@@ -47,22 +43,11 @@ For Debian-based versions of |prod| |deb-release-ver|:
- OR, visibility is HIGH and a correction is available upstream
.. only:: partner
In the past, for older CentOS-based versions of StarlingX:
.. include:: /_includes/cve-maintenance-0eaf7f8697bc.rest
:start-after: CVE-visibility-1-begin
:end-before: CVE-visibility-1-end
- |CVSS| v2 base scores and base vectors were used in the |CVE| fix criteria
For older CentOS-based versions of |prod|:
.. only:: partner
.. include:: /_includes/cve-maintenance-0eaf7f8697bc.rest
:start-after: CentOS-begin
:end-before: CentOS-end
- |CVSS| v2 base scores and base vectors are used in the |CVE| fix criteria
- The |CVE| ``Fix Criteria Policy`` is:
- The |CVE| ``Fix Criteria Policy`` was:
- Main Fix Criteria
@@ -73,12 +58,7 @@ For older CentOS-based versions of |prod|:
- Access Complexity: Low
- Authentication: None or Single
- Availability Impact: Partial/Complete
- A correction is available upstream
- OR, visibility is HIGH and a correction is available upstream
- A correction was available upstream
.. only:: partner
.. include:: /_includes/cve-maintenance-0eaf7f8697bc.rest
:start-after: CVE-visibility-begin
:end-before: CVE-visibility-end
- OR, visibility was HIGH and a correction was available upstream