By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

False positive from Inspector2

1

Hello,

Inspector2 is reporting that a freshly-built EC2 instance is vulnerable to CVE-2021-44731 (affecting snap v2.54.2), but our installed version is 2.54.3:

$ snap --version
snap    2.54.3+18.04.2ubuntu0.1
snapd   2.54.3+18.04.2ubuntu0.1
series  16
ubuntu  18.04
kernel  5.4.0-1066-aws

I haven't found any other versions of snap on the instance. Any idea what would cause this?

Thanks in advance, Eugene

Topics
ComputeManagement & GovernanceSecurity, Identity, & Compliance
Tags
Amazon EC2AWS Systems ManagerAmazon Inspector
Language
English
eugene
asked 2 years ago801 views
2 Answers
1

We are on the Basic Support Plan, unfortunately. I spent a couple hours looking into this today, and still believe Inspector2 is misreporting. Here's an excerpt from the finding:

    ...
    "vulnerabilityId": "CVE-2021-44731",
    "vulnerablePackages": [
      {
        "arch": "ALL",
        "epoch": 0,
        "name": "snapd",
        "packageManager": "OS",
        "version": "2.54.3"
      }
    ],
    ...

And from CVE-2021-44731:

Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

I'd rather not suppress this finding. Does anyone have any other suggestions?

eugene
answered 2 years ago
  • Adam
    2 years ago

    We are having the same problem. For us, it looks like systems manager inventory is retaining the old version of snapd even though it isn't on the system and not returned by dpkg-query

0

Please create a support case providing details for the AWS support team to investigate and provide guidance on this.

Thanks.

AWS
Rajarshi_D
answered 2 years ago
profile pictureAWS
EXPERT
Brettski-AWS
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content