Correct CVE recognition logic

- A CVE is considered known if it's linked to one of the metadata entries from channels or OVAL data.
uyuni-project · Jan 23, 2024 · daa3d0e · daa3d0e
1 parent 252f563
commit daa3d0e
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/java/code/src/com/redhat/rhn/manager/audit/CVEAuditManagerOVAL.java b/java/code/src/com/redhat/rhn/manager/audit/CVEAuditManagerOVAL.java
@@ -107,7 +107,8 @@ public static List<CVEAuditServer> listSystemsByPatchStatus(User user, String cv
     }
 
     private static boolean isCVEIdentifierUnknown(String cveIdentifier) {
-        return !OVALCachingFactory.canAuditCVE(cveIdentifier);
+        return !OVALCachingFactory.canAuditCVE(cveIdentifier) ||
+               !CVEAuditManager.isCVEIdentifierUnknown(cveIdentifier);
     }
 
     /**