CVEs Atlassian are not recognized

A quick question for all those who use OpenVAS in the Community Edition.

I recently put “OpenVAS” into operation in Docker in our network. So far
so far the whole thing is working well. I update the containers with the databases and everything every day.

We use Confluence on the intranet and are now affected by CVE 2023-22518. We have run
GSA Community Edition over it, but it doesn’t show us the CVE.

The whole thing seems a bit strange to me personally. Now I have found an article from 2022,
in which it is mentioned that the system itself recognizes whether it is a business application or not and
thus then recognizes the CVE but does not indicate that it is not a Pro application.

Can anyone tell me anything about this?

Is status:

Greenbone Security Assistant
Version (22.8.1)

Version: Atlassian Confluence 7.19.11

Many thanks in advance.




and welcome to this community portal. VTs for all Atlassian products (including Confluence) are only part of the commercial Greenbone Enterprise Feed (since around 2017).