Viewing vulnerability details

Sections

Use the Vulnerability details page to identify which nodes are affected by the vulnerability, and using the analysis and remediation details determine which task to run on the nodes to help fix the specific vulnerability.

Metrics

Displayed on each vulnerability details page are metrics relating to the vulnerability:
  • Risk score - the risk score value assigned to the vulnerability by your vulnerability scanner.

  • Nodes affected - the number of nodes the vulnerability was detected on.

  • Infrastructure affected - the percentage of your entire infrastructure the vulnerability affects.

CVE details

If provided by your vulnerability scanner, the following CVE details are displayed for each vulnerability.

CVE detail Description
CVE ID The CVE ID is an unique identifier for a security vulnerability and is the number sequence of a CVE entry. For example, CVE-2019-0601 includes the CVE prefix, the year that the CVE ID was assigned or made public, and the sequence of numbers.

CVSS base score

CVSS V3 base score

Depending on how easy it is to exploit the vulnerability and how damaging it can be, each vulnerability is assigned a base score in the Common Vulnerability Scoring System (CVSS) which ranges from zero to ten.

CVSS temporal score

CVSS V3 temporal score

The temporal score is calculated using metrics on how likely the vulnerability will be exploited, on how easy the vulnerability is to fix, and on how confidently it can be said that a vulnerability exists.

Latest events

The Latest events area lists the last three tasks carried out to remediate the vulnerability. Mouse over each task to see who initiated the task, any comments they made, how many nodes were affected, and how long ago the task was run. Click an individual task to go to the Vulnerability Task Detail page for more information about the chosen task.

Click View all to go to the Latest events page for the vulnerability in question, where information on all remediation tasks carried out for the vulnerability is given.

Analysis

The analysis provided by your vulnerability scanner is a description of the vulnerability threat, and the possible consequences that can occur if the vulnerability is successfully exploited.

Remediation

The remediation details provided by your vulnerability scanner is a brief summary of how you can fix the vulnerability. For information on how to fix a vulnerability, see Remediating Vulnerabilities.

How helpful was this page?

If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.