
Adjustment of vulnerability descriptions #26557

Draft: wants to merge 1 commit into base: master

Conversation

sebasfalcone
Member

@sebasfalcone sebasfalcone commented Oct 25, 2024

Related issue
#26130

Description

WIP

Testing

Input for all the tests:

curl -vsS --unix-socket test.sock --header "Content-Type: application/json"   --request POST   --data '{
  "type": "packagelist",
  "agent": {
    "id": "001"
  },
  "packages": [
    {
      "architecture": "amd64",
      "checksum": "1e6ce14f97f57d1bbd46ff8e5d3e133171a1bbce",
      "description": "NSS",
      "format": "rpm",
      "groups": "libs",
      "item_id": "ec465b7eb5fa011a336e95614072e4c7f1a65a53",
      "multiarch": "same",
      "name": "nss",
      "priority": "optional",
      "scan_time": "2023/08/04 19:56:11",
      "size": 72,
      "source": "nss",
      "vendor": "Red Hat, Inc.",
      "version": "3.53.1-3.el7_9"
    }
  ],
  "hotfixes": [],
  "os": {
    "architecture": "x86_64",
    "checksum": "1691178971959743855",
    "hostname": "redhat",
    "codename": "7",
    "major_version": "7",
    "minor_version": "9",
    "name": "Redhat",
    "patch": "6",
    "platform": "rhel",
    "version": "7.9",
    "scan_time": "2023/08/04 19:56:11",
    "kernel_release": "5.4.0-155-generic",
    "kernel_name": "Linux",
    "kernel_version": "#172-Ubuntu SMP Fri Jul 7 16:10:02 UTC 2023"
  }
}' http://localhost/vulnerability/scan | jq

Porting: #25480

  • Output
  {
    "assigner": "mozilla",
    "category": "Packages",
    "classification": "",
    "condition": "Package default status",
    "cwe_reference": "",
    "description": "NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
    "detected_at": "2024-10-25T22:59:16.965Z",
    "enumeration": "CVE",
    "id": "CVE-2023-5388",
    "item_id": "ec465b7eb5fa011a336e95614072e4c7f1a65a53",
    "published_at": "2024-03-19T12:15:07Z",
    "reference": "https://bugzilla.mozilla.org/show_bug.cgi?id=1780432, https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html, https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html, https://www.mozilla.org/security/advisories/mfsa2024-12/, https://www.mozilla.org/security/advisories/mfsa2024-13/, https://www.mozilla.org/security/advisories/mfsa2024-14/",
    "score": {
      "base": 0.0,
      "version": ""
    },
    "severity": "",
    "source": "Red Hat CVE Database",
    "updated": "2024-03-25T17:15:51Z"
  }

Porting: #25585

  • Under evaluation CVE:
  {
    "assigner": "mozilla",
    "category": "Packages",
    "classification": "",
    "condition": "Package default status",
    "cwe_reference": "",
    "description": "NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
    "detected_at": "2024-10-28T12:15:44.509Z",
    "enumeration": "CVE",
    "id": "CVE-2023-5388",
    "item_id": "ec465b7eb5fa011a336e95614072e4c7f1a65a53",
    "published_at": "2024-03-19T12:15:07Z",
    "reference": "https://bugzilla.mozilla.org/show_bug.cgi?id=1780432, https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html, https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html, https://www.mozilla.org/security/advisories/mfsa2024-12/, https://www.mozilla.org/security/advisories/mfsa2024-13/, https://www.mozilla.org/security/advisories/mfsa2024-14/",
    "score": {
      "base": 0.0,
      "version": ""
    },
    "severity": "",
    "source": "Red Hat CVE Database",
    "under_evaluation": true,
    "updated": "2024-03-25T17:15:51Z"
  }
  • Evaluated CVE:
  {
    "assigner": "mozilla",
    "category": "Packages",
    "classification": "CVSS",
    "condition": "Package default status",
    "cvss": {
      "cvss3": {
        "vector": {
          "attack_vector": "",
          "availability": "NONE",
          "confidentiality_impact": "LOW",
          "integrity_impact": "NONE",
          "privileges_required": "NONE",
          "scope": "UNCHANGED",
          "user_interaction": "REQUIRED"
        }
      }
    },
    "cwe_reference": "CWE-203",
    "description": "Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.",
    "detected_at": "2024-10-28T12:15:44.510Z",
    "enumeration": "CVE",
    "id": "CVE-2023-6135",
    "item_id": "ec465b7eb5fa011a336e95614072e4c7f1a65a53",
    "published_at": "2023-12-19T14:15:07Z",
    "reference": "https://bugzilla.mozilla.org/show_bug.cgi?id=1853908, https://www.mozilla.org/security/advisories/mfsa2023-56/, https://security.gentoo.org/glsa/202401-10",
    "score": {
      "base": 4.3,
      "version": "3.1"
    },
    "severity": "Medium",
    "source": "Red Hat CVE Database",
    "under_evaluation": false,
    "updated": "2024-01-07T11:15:14Z"
  }

- Added ADP source field into the vulnerability state
- Updated Uts
- Updated mocks
@sebasfalcone sebasfalcone self-assigned this Oct 25, 2024
@sebasfalcone sebasfalcone changed the title Port Adjustment of vulnerability descriptions Oct 28, 2024
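The two sample responses above differ in one flag, `under_evaluation`: the pending record carries `score.base` 0.0, an empty `classification` and an empty `severity`, while the evaluated one carries a CVSS 3.1 score and a `cwe_reference`. A consumer that ranks findings by `score.base` alone would file the pending CVE next to genuinely harmless ones. The following is an added example, not code from this PR or from the project's code base; it assumes the scan findings have been collected into a JSON array, uses only the field names visible in the sample output, and embeds constructed records trimmed from those samples.

```python
"""Split /vulnerability/scan findings into scored, pending and inconsistent sets.

Added example (not part of the PR or the project). Assumes the findings are
collected into a JSON array and carry the fields shown in the PR's sample
output: id, under_evaluation, classification, score{base,version}, severity.
"""
import json

# Constructed sample: two records modelled on the PR's example responses,
# trimmed to the fields this check reads.
SAMPLE_SCAN_OUTPUT = json.dumps([
    {
        "id": "CVE-2023-5388",
        "classification": "",
        "score": {"base": 0.0, "version": ""},
        "severity": "",
        "source": "Red Hat CVE Database",
        "under_evaluation": True,
    },
    {
        "id": "CVE-2023-6135",
        "classification": "CVSS",
        "cwe_reference": "CWE-203",
        "score": {"base": 4.3, "version": "3.1"},
        "severity": "Medium",
        "source": "Red Hat CVE Database",
        "under_evaluation": False,
    },
])


def is_scored(vuln: dict) -> bool:
    """True when the record carries a usable CVSS assessment."""
    score = vuln.get("score") or {}
    return (
        vuln.get("classification") == "CVSS"
        and bool(score.get("version"))
        and bool(vuln.get("severity"))
    )


def check_consistency(vuln: dict) -> list:
    """Return the inconsistencies between the under_evaluation flag and the
    scoring fields; an empty list means the record is internally consistent."""
    problems = []
    pending = vuln.get("under_evaluation")
    if pending is None:
        problems.append("missing under_evaluation flag")
        return problems
    scored = is_scored(vuln)
    if pending and scored:
        problems.append("flagged under evaluation but carries a CVSS score")
    if not pending and not scored:
        problems.append("evaluated but has no CVSS classification/severity")
    return problems


def triage(scan_output: str) -> dict:
    """Bucket a JSON array of findings into 'scored', 'pending' and
    'inconsistent'. A pending CVE reports score.base 0.0, so it is listed
    separately instead of being ranked as 'no risk'."""
    buckets = {"scored": [], "pending": [], "inconsistent": {}}
    for vuln in json.loads(scan_output):
        cve = vuln.get("id", "<no id>")
        problems = check_consistency(vuln)
        if problems:
            buckets["inconsistent"][cve] = problems
        elif vuln["under_evaluation"]:
            buckets["pending"].append(cve)
        else:
            buckets["scored"].append(
                (cve, vuln["score"]["base"], vuln["severity"])
            )
    return buckets


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_SCAN_OUTPUT), indent=2))
```

Feeding the real scanner output through `jq -s .` would produce the array form this example expects; the `inconsistent` bucket is where a record that claims evaluation is finished but has no CVSS data (or the reverse) would surface during testing of this change.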
Development

Successfully merging this pull request may close these issues.

Vulnerability Detector - Port "Adjustment of vulnerability descriptions" from 4.10.0