View Findings Details
Technical Preview: This feature is currently in rapid development and may change frequently.
Overview
This page offers a comprehensive investigation panel for a specific finding, including:
- Finding metadata and affected asset metadata.
- Full vulnerability description and CVE background.
- Context indicators like exploitability and fix availability.
- Threat intelligence insights (CISA KEV, ransomware use).
- Remediation guidance for the individualized Finding.
- Actions like Create Ticket and Accept Finding are readily available to initiate workflows and drive Remediation.
Highlights
The Highlights section of the Findings Details drawer is an overview of the Vulnerability in your environnment, providing context to help you prioritize and understand the risk of the Finding as it relates to your infrastructure.
All Affected Resource Summary
- Affected Resource: Provides the affected resources name and navigate to the Resource Details drawer.
- Zones: The zone the resource belongs to.
- Remediations: If a fix is available provides a navigation to the (Remediations)[#remediations] section of the Findings Details drawer.
Description
This section provides a detailed narrative about the vulnerability including high level overviews provided by Sysdig’s Vulnerability Feeds including but not limited to:
- Background on the software or component affected
- Description of how the vulnerability can be exploited
- Timeline of discovery, fixes, or regressions
- Recommendations for mitigating risk if immediate patching is not possible
CVE Details
Field | Value | Description |
---|---|---|
Finding Name | CVE-2024-41110 | The official CVE identifier assigned to this vulnerability, providing a link to CVE 360. |
Severity | Critical | The risk level of the vulnerability based on CVSS score and external feeds, provides a clickable link to the Vulnerability Feeds section. For more information see Vulnerability Feeds. |
Context | Exploitable, Has Fix, In-Use | Indicates whether the vulnerability is actively exploitable and if a fix is available, or is In-Use. |
Disclosure Date | Tue, Jul 30, 2024 at 03:18:57 AM | The date the vulnerability was publicly disclosed by the matched vendor, for more information see Vulnerability Feeds. |
EPSS | 0.00% | The Exploit Prediction Scoring System score, estimating the probability of exploitation. |
EPSS Percentile | 0.00% | The percentile rank of this CVE relative to other known vulnerabilities. |
Package | github.com/docker/docker v24.0.7+incompatible | The software package and version in which the vulnerability exists. |
Package Type | Golang | The language or ecosystem of the affected package. |
Package Path | /usr/bin/dive | The filesystem location where the package was detected on the impacted resource. |
Finding Discovered | Mon, Apr 28, 2025 at 09:08:18 AM | Timestamp when this specific finding was first observed in your environment on the affected resource. |
Fix Available Since | Mon, Jul 22, 2024 at 05:00:00 PM | Date and time when a fix became available for this CVE from the matched vendor. For more information see Vulnerability Feeds. |
Remediations
Vulnerability Finding remediations are specific to the individual Finding. It provides the following data related to the underlying issue and fix version provided by the matched vendor.
Field | Example Value | Description |
---|---|---|
Fix Available Since | July 22, 2024 | The date when a vendor-provided or validated fix became available for this vulnerability from the matched vendor. For more information see Vulnerability Feeds. |
Fix Suggestion | Upgrade package to v25.0.6 | Recommended action to remediate the vulnerability, typically by upgrading to a fixed version. For more information see Vulnerability Feeds. |
Resource to Fix | registry.k8s.io/kops/kops-controller:1.28.5@sha256:07e40a04b4f8f3dfedfdfff6... | The specific container image or runtime resource where the fix should be applied. |
Package | github.com/docker/docker | The affected software package that should be updated. |
Package Path | /ko-app/kops-controller | Filesystem location within the container or runtime where the package is installed. |
Package Type | Golang | The programming language or ecosystem the package belongs to (e.g., Golang, Debian, RPM). |
Security Feeds
Sysdig consolidates insights from multiple trusted security feeds to enhance vulnerability context. On the Vulnerability Findings page, each vulnerability includes detailed information sourced from all available feeds to support faster, more informed decision-making.
Each feed includes the following data:
Field | Example Value | Description |
---|---|---|
Feed | VulnDB | The security feed that provided this vulnerability information. |
Severity | Critical | The severity level assigned by the feed based on its own scoring methodology. |
CVSS Score v3 | 9.8 (v3.1) | CVSS v3 score as provided by the feed, if available, indicating criticality using the older scoring system. |
CVSS Score v2 | 9.3 (v2) | CVSS v2 score assigned to the vulnerability if available, indicating criticality using the older scoring system. |
Vendor Links | CVE-2024-41110 | Links to external vendor advisories, if provided by the feed. |
Published Date | 17/04/2024 | The date the vulnerability information was published by the feed. |
For more information see Vulnerability Feeds.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.