cve-update-db-native: Fix FKIE CVE accessVector parsing

Use "attackVector" for CVSS >= 3 as it only CVSS v2 uses "accessVector". (From OE-Core rev: 7e4d566445a8cbe1e540e20837d45692d81af77f) Signed-off-by: Jonathan Schnitzler <jonathan.schnitzler@faro.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-23 00:32:12 +02:00 · 2025-08-24 16:57:44 +02:00
parent bb037c228c
commit 8b5c222b08
1 changed files with 3 additions and 3 deletions
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -352,7 +352,7 @@ def update_db_fkie(conn, jsondata):
        try:
            for m in elt['metrics']['cvssMetricV30']:
                if m['type'] == 'Primary':
-                    accessVector = m['cvssData']['accessVector']
+                    accessVector = m['cvssData']['attackVector']
                    vectorString = m['cvssData']['vectorString']
                    cvssv3 = m['cvssData']['baseScore']
        except KeyError:
@@ -361,7 +361,7 @@ def update_db_fkie(conn, jsondata):
        try:
            for m in elt['metrics']['cvssMetricV31']:
                if m['type'] == 'Primary':
-                    accessVector = m['cvssData']['accessVector']
+                    accessVector = m['cvssData']['attackVector']
                    vectorString = m['cvssData']['vectorString']
                    cvssv3 = m['cvssData']['baseScore']
        except KeyError:
@@ -370,7 +370,7 @@ def update_db_fkie(conn, jsondata):
        try:
            for m in elt['metrics']['cvssMetricV40']:
                if m['type'] == 'Primary':
-                    accessVector = m['cvssData']['accessVector']
+                    accessVector = m['cvssData']['attackVector']
                    vectorString = m['cvssData']['vectorString']
                    cvssv4 = m['cvssData']['baseScore']
        except KeyError: