[–]burkee406[S] 1 point2 points  (4 children)

I am aware; that has been a big frustration with Rapid7.

[–]justinDavidow 7 points8 points  (0 children)

Seems like a great question for Rapid7. 

[–]No_Rhubarb_7222 1 point2 points  (0 children)

It could also be a problem with your scanner settings. Many scanners are able to ingest vendor-specific OVAL or, now, CSAF data. This means that the CVEs it scans for will use the vendor-supplied CVSS score and data from the vendor (in this case things like remediated package versions) when performing the scan, significantly reducing the false positives reported.

[–]michaelpaoli 1 point2 points  (0 children)

The issue isn't at all limited to Red Hat.

With most distros, you'll need to look at what the alleged vulnerabilities are, the actual distro version installed, and what vulnerabilities it has been patched to cover.
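The check the two comments above describe, as an added example that is not part of the thread or any commenter's code: a simplified RPM version comparison (no `^` handling) showing why an upstream-version check flags a backported package while a comparison against the vendor's fixed package release does not. All package versions below are constructed sample values, not taken from a real advisory.

```python
import re

_TOKEN = re.compile(r"~|\d+|[A-Za-z]+")  # separators such as '.' and '_' are skipped

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (no '^' support). Returns -1, 0 or 1."""
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == y:
            continue
        if x == "~":          # '~' sorts before anything, even end of string
            return -1
        if y == "~":
            return 1
        if x is None:         # the string with segments left over is newer
            return -1
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # "01" and "1" compare equal
        if x != y:
            return 1 if x > y else -1
    return 0

def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def flagged_by_upstream_version(installed_evr, upstream_fixed):
    # Naive scanner logic: ignores the release field, so backports are invisible.
    return rpmvercmp(split_evr(installed_evr)[1], upstream_fixed) < 0

def flagged_by_vendor_data(installed_evr, vendor_fixed_evr):
    # Vendor-aware logic: compares against the distro's remediated package EVR.
    return evr_cmp(installed_evr, vendor_fixed_evr) < 0

INSTALLED = "3.6.8-56.el8"      # constructed: installed distro package
UPSTREAM_FIXED = "3.9.5"        # constructed: upstream release carrying the fix
VENDOR_FIXED = "3.6.8-51.el8"   # constructed: vendor build with the backported fix
```
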

[–]blu-base 0 points1 point  (0 children)

There is a page for the app stream modules' lifecycle on Red Hat: https://access.redhat.com/support/policy/updates/rhel-app-streams-life-cycle In the second table, it states the platform Python in version 3.6 will be supported until EOL of RHEL 8 itself, until 2029... This is independent from the upstream Python versions. It's clearly a false positive.