To support the monthly master StarlingX CVE scans with the new CVSS v3
policy, we run the filter criteria as the following policy:

Base score >= 7.0
Base Metrics have the following:
    Attack Vector: Network
    Attack Complexity: Low
    Privileges Required: None or Low
    Availability Impact: High or Low
    User Interaction: None
A correction is available upstream

We can see the policy here:
https://wiki.openstack.org/wiki/StarlingX/Security/CVE_Support_Policy

Meanwhile, update the HTML report template with the new criteria.

TestPlan:
PASS: python3 cve_policy_filter.py localhost.json master_V3_Sep_29_2022 cvssv3

Story: 2010387
Task: 46683
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Change-Id: I8ab91805b4d78c218aee85f94b6cc25929948417
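
The criteria listed in the commit message above, applied to CVSS v3 vector strings. This is an added example, not the project's cve_policy_filter.py and not part of the commit; the record fields (id, score, vector, fix_available) and the sample records are constructed for illustration.

```python
# Added example, not the project's code; record field names are hypothetical.
POLICY = {  # allowed values per base metric, in CVSS v3 vector abbreviations
    "AV": {"N"},       # Attack Vector: Network
    "AC": {"L"},       # Attack Complexity: Low
    "PR": {"N", "L"},  # Privileges Required: None or Low
    "UI": {"N"},       # User Interaction: None
    "A": {"H", "L"},   # Availability Impact: High or Low
}
MIN_BASE_SCORE = 7.0

def parse_vector(vector):
    """Split 'CVSS:3.x/AV:N/...' into a metric dict; reject non-v3 or malformed input."""
    prefix, _, rest = vector.partition("/")
    if not prefix.startswith("CVSS:3.") or not rest:
        raise ValueError(f"not a CVSS v3 vector: {vector!r}")
    metrics = {}
    for part in rest.split("/"):
        key, sep, value = part.partition(":")
        if not sep or not value or key in metrics:
            raise ValueError(f"malformed metric {part!r} in {vector!r}")
        metrics[key] = value
    return metrics

def failed_criteria(record):
    """Return the criteria a record fails; an empty list means it matches the policy."""
    reasons = [] if record["score"] >= MIN_BASE_SCORE else ["score"]
    try:
        metrics = parse_vector(record["vector"])
    except ValueError:
        return reasons + ["vector"]  # unparseable vectors never match
    for key, allowed in POLICY.items():
        if metrics.get(key) not in allowed:
            reasons.append(key)
    if not record["fix_available"]:
        reasons.append("fix_available")  # no correction available upstream
    return reasons

def select(records):
    return [r["id"] for r in records if not failed_criteria(r)]

# Constructed sample records (placeholder ids, not real CVEs).
SAMPLE = [
    {"id": "EXAMPLE-0001", "score": 9.8, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "fix_available": True},
    {"id": "EXAMPLE-0002", "score": 7.8, "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "fix_available": True},
    {"id": "EXAMPLE-0003", "score": 7.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "fix_available": True},
    {"id": "EXAMPLE-0004", "score": 9.8, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "fix_available": False},
    {"id": "EXAMPLE-0005", "score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "fix_available": True},
]
print(select(SAMPLE))
```

Returning the list of failed criteria rather than a boolean makes it possible to show in a report why each CVE was excluded.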