Bug CVEs not available to anonymous API users

Bug #1810386 reported by Martin Prpic
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Launchpad itself | Triaged | Low | Unassigned | |

Bug Description

When looking up CVE information of a bug, the returned collections are always empty, e.g.:

```
$ py
3.7.1 (default, Nov 23 2018, 10:01:49)

In [1]: from launchpadlib.launchpad import Launchpad

In [2]: launchpad = Launchpad.login_anonymously('just testing', 'production', './cache/', version='devel')

In [3]: bug = launchpad.bugs[1529836]

In [4]: list(bug.cves)
Out[4]: []
```

Same with direct API query:

```
$ http --body https://api.launchpad.net/devel/bugs/1529836/cves
{
    "entries": [],
    "resource_type_link": "https://api.launchpad.net/devel/#cve-page-resource",
    "start": 0,
    "total_size": 1
}
```

Visiting the actual web URL (https://bugs.launchpad.net/kwapi/+bug/1529836) shows CVE-2016-0738 listed under "CVE References". I'd expect this CVE to be listed in both responses above. Is the CVE information available somewhere else? Or is it simply missing?

Tags: api lp-bugs
Colin Watson (cjwatson) wrote :

It works if you're logged in (login_with rather than login_anonymously). ICve's security declarations probably need to be looked at a bit more carefully.

summary: - Bug CVEs not available via launchpad API
+ Bug CVEs not available to anonymous API users
tags: added: api lp-bugs
Changed in launchpad:
importance: Undecided → Low
status: New → Triaged
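
An added example, not part of the bug report or of Launchpad's code: a client-side consistency check for the symptom shown in the description, where the collection reports `total_size` 1 but delivers no entries. The first sample is the response body quoted above; the second sample page, the function names, and the use of `next_collection_link` as the marker for further pages are assumptions.

```python
import json

# Response body as shown in the bug description (anonymous request).
ANON_PAGE = json.loads("""
{
    "entries": [],
    "resource_type_link": "https://api.launchpad.net/devel/#cve-page-resource",
    "start": 0,
    "total_size": 1
}
""")

# Constructed sample of a consistent page; the entry fields are made up.
CONSTRUCTED_OK_PAGE = {
    "entries": [{"sequence": "0000-0000"}],
    "start": 0,
    "total_size": 1,
}


def withheld_entries(pages):
    """Return how many entries the server counted but did not deliver.

    `pages` is every fetched page of one collection, in order. Returns None
    when the count cannot be checked (no total_size, or more pages pending).
    """
    if not pages:
        return None
    total = pages[0].get("total_size")
    if total is None:
        return None  # size not embedded in the page; nothing to compare
    if pages[-1].get("next_collection_link"):
        return None  # assumption: this key means further pages exist
    delivered = sum(len(page.get("entries", [])) for page in pages)
    return max(total - delivered, 0)


def describe(pages):
    """Turn the count into a short status string for logs or alerts."""
    missing = withheld_entries(pages)
    if missing is None:
        return "unverified"
    return "complete" if missing == 0 else f"{missing} withheld"


if __name__ == "__main__":
    print("anonymous response:", describe([ANON_PAGE]))
    print("constructed sample:", describe([CONSTRUCTED_OK_PAGE]))
```

A non-zero result means an empty list from an anonymous session should not be read as "no CVEs linked"; repeat the query with an authenticated session before relying on it.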
This report contains Public information  
Everyone can see this information.
