Why are some vulnerabilities in NVT Greenbone Enterprise Appliance Can I find it, but I can’t find it in the vulnerability library I installed myself?
I have updated the vulnerability library based on the documentation.
https://greenbone.github.io/docs/latest/22.4/container/workflows.html#performing-a-manual-feed-sync
For example, this vulnerability: CVE-2023-27524
Hello,
and welcome to this community forums.
For the example CVE-2023-27524 is only part of the Greenbone Enterprise Feed and not included in the Greenbone Community Feed (which is the feed available in the Greenbone Community Edition).
More info on the different feed types is available here:
Thank you for your reply,
Will the NVTs corresponding to the vulnerability “CVC-2023-27524” delay entering Greenbone Community Feed, or will they not plan to enter Greenbone Community Feed?
If it is a delay, how long will it be delayed?
At least currently there are no delays in the feed publishing process of the community feed as announced a few years ago via https://marc.info/?l=openvas-announce&m=150347774320198&w=2 (quoted below).
Currently there are no plans to make VTs for CVE-2023-27524 (or any other upcoming CVE for this product) available in the community feed.
In early June we announced upcoming feed changes which are now ready to start.
The first change is renaming the public feed from “OpenVAS NVT Feed” to “Greenbone Community Feed” (GCF) for branding reasons. This has no impact on functionality and there will be no license change.
The second change is surely awaited by many community users:
We will drop the current 14-day delay for the Community Feed and switch to a daily up-to-date scheme. This includes immediate availability of “Hot NVTs” which address security problems running fast through the Internet and through the news. Also, reported patches/improvements will become available much sooner.
However, we will stop adding features for large enterprise environments. We will not remove such NVTs from the current community feed, so you will not get inconsistent scan results for them. Naturally, the gap between GCF and GSF regarding enterprise features will grow over time.
We think this a good balance between community needs and commercial needs.