Hi,
i cannot seem to find CVE-2023-6933 in the CVE feeds. Feed status for CVEs is " 20240205T0500 Current"
Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection CVE-2023-6933
i know feeds are not updated on weekends, but shouldn’t this have shown up already? Thanks
This info is btw. also included in the documentation here:
The availability of a CVE on the appliance depends on its availability in the NVD. As soon as it has been published there, it takes 1–2 working days for it to appear in the SecInfo.
14 Managing SecInfo — Greenbone Enterprise Appliance 22.04.17 documentation
In the meantime the CVE is now available in the SecInfo:
https://secinfo.greenbone.net/cve/CVE-2023-6933
Note: The “N/A” score is currently expected there as also described in the previous linked documentation:
Columns like Severity may display N/A for one of the following reasons:
- The CVE was published but no vulnerability analysis/severity assessment was carried out by the NVD yet. This can take a few days up to a few weeks.Such CVEs can be identified when browsing the related entry. As long as Undergoing Analysis is displayed there, N/A is shown in the columns for the CVE.
- There is always a delay of 1–2 working days between the vulnerability analysis/severity assessment and the time the updated information is displayed in the SecInfo management.
